From: security curmudgeon (jerichoattrition.org)
Date: Thu Apr 16 2009 - 01:50:49 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[Although the article uses "personal information", the focus is on
  authentication credentials. It isn't clear the extent of the information
  compromised on these sites. - jericho]

---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>

http://joongangdaily.joins.com/article/view.asp?aid=2903657

By Park Yu-mi, Kim Mi-ju
JoongAng Daily
April 16, 2009

Two computer programmers were indicted yesterday on charges of hacking
into Web sites and obtaining personal data of 2.3 million persons and
using part of that information to post spam advertisements on Naver and
other Web sites.

According to investigators at the Seoul Central District Prosecutors’
Office, the pair allegedly hacked into more than 100 Web sites from
January 2008 until February of this year.

They targeted Web sites for games, florists, real estate agencies and used
car dealerships that have vulnerable security systems.

“They developed their own computer program to sort out whether some of
the users’ stolen IDs and passwords collected from various Web sites
were identical to Naver IDs and passwords,” said Roh Seung-kwon, the
prosecutor in charge of the case.

The suspects took advantage of the practice by some Internet users of
using the same ID and password to access different Web sites, he added.

[..]

_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]