[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Hack on 8 adult websites exposes oodles of intimate user data
From: InfoSec News <alerts () infosecnews ! org>
Date: 2018-10-22 8:37:26
Message-ID: alpine.DEB.2.20.1810220836510.11864 () ip-172-30-0-239 ! ec2 ! internal
[Download RAW message or body]
https://arstechnica.com/information-technology/2018/10/hack-on-8-adult-websites-exposes-oodles-of-intimate-user-data/
By DAN GOODIN
Ars Technica
10/20/2018
A recent hack of eight poorly secured adult websites has exposed megabytes
of personal data that could be damaging to the people who shared pictures
and other highly intimate information on the online message boards.
Included in the leaked file are (1) IP addresses that connected to the
sites, (2) user passwords protected by a four-decade-old cryptographic
scheme, (3) names, and (4) 1.2 million unique email addresses, although
it's not clear how many of the addresses legitimately belonged to actual
users.
Robert Angelini, the owner of wifelovers.com and the seven other breached
sites, told Ars on Saturday morning that, in the 21 years they operated,
fewer than 107,000 people posted to them. He said he didn't know how or
why the almost 98-megabyte file contained more than 12 times that many
email addresses, and he hasn't had time to examine a copy of the database
that he received on Friday night.
Still, three days after receiving notification of the hack, Angelini
finally confirmed the breach and took down the sites on early Saturday
morning. A notice on the just-shuttered sites warns users to change
passwords on other sites, especially if they match the passwords used on
the hacked sites.
"We will not being going back online unless this gets fixed, even if it
means we close the doors forever," Angelini wrote in an email. It "doesn't
matter if we are talking about 29,312 passwords, 77,000 passwords, or 1.2
million or the actual number, which is probably in between. And as you can
see, we are starting to encourage our users to change all the passwords
everywhere."
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic