BreachExchange mailing list archives
dslreports user password information breached
From: security curmudgeon <jericho () attrition org>
Date: Thu, 28 Apr 2011 20:02:47 -0500 (CDT)
http://www.dslreports.com/forum/r25793356-site-user-password-intrusion-info Forums > The Site > DSLReports.com > Site Bugs > site user password intrusion info site user password intrusion info Quick Q+A For the accounts compromised, what was obtained? registration email address and user picked login password Nothing else? No. When did it happen
From 2pm wednesday to about 6pm wednesday, during which time the site was
timing out and acting up When did the warning emails go out They started to be generated about midnight that same night, and all compromised passwords were reset at that time Who/what did the hack A large network (botnet) of compromised windows machines, circumventing individual IP access limits on unusual activity. The attack was blocked before it had completed more than 8% of its work. What is the likely use for the data gained Gaining access to email accounts, gaining access to accounts at paypal/google/amazon/facebook/twitter or other big sites where login is via email and password. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- dslreports user password information breached security curmudgeon (Apr 28)