From: security curmudgeon (jerichoattrition.org)
Date: Wed May 23 2012 - 18:13:07 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------- Forwarded message ----------
To: Infowarrior List <infowarriorattrition.org>

Begin forwarded message:

> From: Duane
>
> http://www.forbes.com/sites/andygreenberg/2012/05/22/hackers-impersonate-web-billing-firms-staff-to-spill-500000-users-passwords-and-credit-cards/
>
> Hackers Impersonate Web Billing Firm's Staff To Spill 500,000 Users' Passwords And Credit Cards
> Andy Greenberg, Forbes Staff
> 5/22/2012 11:26AM
>
>
> British Web billing firm WHMCS is reeling from an attack that spilled
> its user accounts, deleted reams of data, temporarily took its site
> offline, and hijacked its Twitter feed?all seemingly the result of a
> smooth-talking hacker con.
>
> A WHMCS spokesperson wrote in a statement Tuesday morning that hackers
> had successfully impersonated him to fool the company?s Web host into
> giving them access to the company?s account details. ?This means that
> there was no actual hacking of our server,? the spokesperson wrote.
> ?They were ultimately given the access details.?
>
> The intruders, a hacktivist group that calls itself UGNazi, ultimately
> leaked a 1.7 gigabyte trove of data from the British web hosting firm
> that includes 500,000 users accounts according to the UK tech news site
> the Register, including some number of credit card details. The company
> wrote in an earlier statement that the hackers accessed both users?
> passwords and their payment details, and that both sets of data were
> encrypted, though company warned that the credit cards may nonetheless
> be at risk, and that users should change their passwords.

[..]
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]