BreachExchange mailing list archives
Hackers Impersonate Web Billing Firm's Staff To Spill 500, 000 Users' Passwords And Credit Cards (fwd)
From: security curmudgeon <jericho () attrition org>
Date: Wed, 23 May 2012 18:13:07 -0500 (CDT)
---------- Forwarded message ---------- To: Infowarrior List <infowarrior () attrition org> Begin forwarded message:
From: Duane http://www.forbes.com/sites/andygreenberg/2012/05/22/hackers-impersonate-web-billing-firms-staff-to-spill-500000-users-passwords-and-credit-cards/ Hackers Impersonate Web Billing Firm's Staff To Spill 500,000 Users' Passwords And Credit Cards Andy Greenberg, Forbes Staff 5/22/2012 @ 11:26AM British Web billing firm WHMCS is reeling from an attack that spilled its user accounts, deleted reams of data, temporarily took its site offline, and hijacked its Twitter feed?all seemingly the result of a smooth-talking hacker con. A WHMCS spokesperson wrote in a statement Tuesday morning that hackers had successfully impersonated him to fool the company?s Web host into giving them access to the company?s account details. ?This means that there was no actual hacking of our server,? the spokesperson wrote. ?They were ultimately given the access details.? The intruders, a hacktivist group that calls itself UGNazi, ultimately leaked a 1.7 gigabyte trove of data from the British web hosting firm that includes 500,000 users accounts according to the UK tech news site the Register, including some number of credit card details. The company wrote in an earlier statement that the hackers accessed both users? passwords and their payment details, and that both sets of data were encrypted, though company warned that the credit cards may nonetheless be at risk, and that users should change their passwords.
[..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Hackers Impersonate Web Billing Firm's Staff To Spill 500, 000 Users' Passwords And Credit Cards (fwd) security curmudgeon (May 30)