BreachExchange mailing list archives
European Space Agency hacked, sensitive data released publicly (fwd)
From: security curmudgeon <jericho () attrition org>
Date: Tue, 19 Apr 2011 01:19:31 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://thenextweb.com/eu/2011/04/18/european-space-agency-hacked-sensitive-data-released-publicly/ By Matt Brian The Next Web April 18, 2011 It is reported that yesterday the European Space Agency (ESA) website was compromised by a hacker, opening up sensitive project logs and exposing hundreds of email addresses and passwords associated with some of Europe?s top science institutes. The hacker, known by the alias TinKode, posted a full disclosure of the attack on his website, highlighting FTP accounts, database users, hashed passwords as well as SHA1-hashed server root password. Perhaps a little more worrying for the ESA was that fact the attacker was also able to access some of the agency?s space projects including satellite activities, calibration sources and environmental details. Despite showcasing the data stolen in the attack, the hacker did not disclose how the ESA website was compromised. Administrator and editor credentials were discovered to be in plain text, as were user email addresses and passwords, which look to consist of serveral CERN science institute employees, staff at defence corporation BAE Systems and many other contractors and companies linked to the agency. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- European Space Agency hacked, sensitive data released publicly (fwd) security curmudgeon (Apr 19)