Archives for advanced persistent threat

Credentials of 13 million users breached from 000Webhost, a free webhosting company

The Lithuanian 000Webhost is one of the most popular free webhosting services and has over 13.5 million users. It ranks among the top search results in Google and is quite popular for its services. However, according to a report from Forbes, the login credentials of these users, including their usernames, passwords, email addresses, last names and IP addresses, have been leaked online.

Thomas Fox-Brewster of Forbes was informed by Troy Hunt, a Microsoft MVP and the owner of the website haveibeenpwned.com, which lists email accounts that are part of major security breaches. Hunt informed Fox-Brewster that an anonymous person had contacted him and given him access to a database containing the login credentials, including usernames and passwords, of the 13.5 million users of 000Webhost. Hunt says that this data is legitimate and has never been leaked earlier. He even found that the passwords were stored in plain text.

When Fox-Brewster and Hunt analyzed the ids and passwords by trying to use them to sign up for the services of 000Webhost, they were shown a message that the ids were already in use. This indicated that the leak might be genuine. The duo then contacted five users of the free web hosting service, who confirmed that the login credentials belonged to them. Hunt even discovered an id in his name, which means that someone used it to register for an account. The web service does not verify the genuineness of its users and allows anyone to register. Hunt subsequently changed the password of the account.

Forbes repeatedly tried to contact 000webhost regarding the breach but did not get any response. Fox-Brewster even tried to call the company on its Lithuanian number, but it did not yield any positive results. Despite his repeated attempts to get in touch with a responsible representative of the webhosting service, he could not communicate with them.

However, on 29th October, Hunt discovered that the passwords for all the accounts had been reset. It seems plausible that the company was aware of the breach and decided to reset the passwords of every single user. The users were shown a message that their passwords were reset for “security reasons”.

On its Facebook page, the company posted:

“We have witnessed a database breach on our main server. A hacker used an exploit in old PHP version to upload some files, gaining access to our systems. Although the whole database has been compromised, we are mostly concerned about the leaked client information.”

Unconvinced by the company's approach, Hunt wrote:

“By now there’s no remaining doubt that the breach is legitimate and that impacted users will have to know.”

He further added:

“I’d prefer that 000webhost be the ones to notify [its customer] though.”

Although Fox-Brewster and Hunt repeatedly tried to notify the company, they were repeatedly ignored. The company then reset the passwords of all 13.5 million users. The company should have acknowledged the breach when it was pointed out by Forbes and Troy Hunt and should have immediately notified each of its users.

000Webhost issued a statement:

“We removed all illegally uploaded pages as soon as we became aware of the [data] breach. Next, we changed all the passwords and increased their encryption to avoid such mishaps in the future.”

It is the second incident in the last few days in which a company that stores millions of users’ data has been found complacent and reactive in its behavior. A few days earlier, TalkTalk, one of the UK’s leading broadband and phone service providers, had its security breached, resulting in a leak of credentials of around 4 million subscribers.

With the increase in cybercrime, companies can no longer afford to ignore the security of the data stored with them. A breach not only affects the users but also tarnishes the reputation of the company and causes financial losses. TalkTalk’s share price fell significantly after the leak was reported.


Thousands of medical systems are exposed to widespread cyber-attacks – Derbycon

Recent reports presented by Scott Erven and Mark Collao at Derbycon have revealed that thousands of medical systems are exposed to widespread cyber-attacks. The researchers reported that a giant U.S. medical organization with 12,000 staff and 3,000 physicians has over 68,000 systems that are vulnerable. The researchers indicate that this is just the tip of […]

50 million users impacted by WinRAR bug

On 28th September 2015, a vulnerability was detected in WinRAR SFX v5.21. It is the latest version of WinRAR, a commonly used file compression tool. Attackers can exploit the vulnerability and compromise a computer with WinRAR installed on it. The bug is in the “text and icon function” under the module “Text to display in […]

Smartphone browsers can deliver powerful DDoS attack with 4.5 billion requests causing Flood Attack

One of the most malicious attacks that can ever be launched on a website is flooding it with more requests than it can handle, otherwise known as a DDoS attack. According to internet security researchers, this nightmare may have recently become a reality after one site was targeted in such a manner with an aim of overwhelming […]

U.S. Government OPM Breach: 5.6 million fingerprints of Federal workers were stolen

The Office of Personnel Management and the Department of Defense are analyzing a data breach which has resulted in the theft of around 5.6 million fingerprint records of federal workers. Initial reports put the number at 4.5 million; however, the latest report released on Wednesday 23rd September suggests that the number is as high as 5.6 […]

SUCEFUL – A new Malware capable of copying data from ATM cards

A new kind of malware named SUCEFUL, capable of stealing information from ATM cards and of retaining them in the ATM machines, has been detected by FireEye Labs. The malware has been uploaded on VirusTotal and the researchers at FireEye Labs traced it as Backdoor.ATM.Suceful. It seems that the name of the virus is […]

Blue Termite – An APT with sophisticated Cyber Espionage campaign targeting Japan

An Advanced Persistent Threat termed Blue Termite has targeted several Japanese companies since November 2013. Antivirus major Kaspersky Lab started working on the APT in the month of October 2014. Although the instance is not unprecedented, it is the first time that an APT has targeted Japanese companies that have their Client to Server (C2S) […]