Category: breach

Aug 24 2015

Ashley Madison offers $500,000 reward amid reports of member suicides

An international roster of police and private investigators are vowing to vigorously pursue the people who hacked the Ashley Madison dating website for cheaters, with the cheating site offering a $500,000 reward and appealing for help from hackers around the world.

The full-court press comes amid a report of at least two suicides of people whose personal information was included in the massive dump of account data for Ashley Madison, which carried the tag line "Life is short. Have an affair." It's too early to say if the exposures were the proximate reason the individuals took their lives, but the deaths were discussed during a press conference the Toronto Police Service held early Monday morning. Bryce Evans, acting staff superintendent, said the outing of so many people in committed relationships cheating on their partners crossed a line that could destroy lives and careers of millions of people around the world.

Wakeup call

He called on hackers around the world to provide tips to law enforcement agencies working to identify the people who thoroughly rooted the servers of Ashley Madison parent company Avid Life Media. He also said the investigation was being carried out jointly by his department, the Royal Canadian Mounted Police, the US Department of Homeland Security, the FBI, and others. Additionally, he said Avid Life Media has pledged a $500,000 reward for information leading to the identification of the people responsible for the compromise, who have dubbed themselves Impact Team.

Read 4 remaining paragraphs | Comments

Aug 19 2015

Ashley Madison hack is not only real, it’s worse than we thought

The massive leak attributed to the hackers who rooted to the Ashley Madison dating website for cheaters has been confirmed to be genuine. As if that wasn't bad enough, the 10 gigabytes of data—compressed, no less—is far more wide ranging than almost anyone could have imagined.

Researchers are still pouring over the unusually large dump, but already they say it includes user names, first and last names, and hashed passwords for 33 million accounts, partial credit card data, street names, and phone numbers for huge numbers of users, records documenting 9.6 million transactions, and 36 million email addresses. While much of the data is sure to correspond to anonymous burner accounts, it's a likely bet many of them belong to real people who visited the site for clandestine encounters. For what it's worth, more than 15,000 of the e-mail addresses are hosted by US government and military servers using the .gov and .mil top-level domains.

The leak also includes PayPal accounts used by Ashley Madison executives, Windows domain credentials for employees, and a large number of proprietary internal documents. Also found: huge numbers of internal documents, memos, org charts, contracts, sales techniques, and more.

Read 5 remaining paragraphs | Comments

Jul 11 2015

Second PoC exploit for Adobe Flash Player discovered after the hackers-for-hire company breach

Yet another Adobe Flash Player zero-day discovered from the Hacking Team breach.

続きを読む
Jun 21 2015

“EPIC” fail—how OPM hackers tapped the mother lode of espionage data

Government officials have been vague in their testimony about the data breaches—there was apparently more than one—at the Office of Personnel Management. But on Thursday, officials from OPM, the Department of Homeland Security, and the Department of the Interior revealed new information that indicates at least two separate systems were compromised by attackers within OPM's and Interior's networks. The first was the Electronic Official Personnel Folder (eOPF) system, an entity hosted for OPM at the Department of the Interior's shared service data center. The second was the central database behind EPIC, the suite of software used by OPM's Federal Investigative Service in order to collect data for government employee and contractor background investigations.

OPM has not yet revealed the full extent of the data exposed by the attack, but initial actions by the agency in response to the breaches indicate information g as many as 3.2 million federal employees (both current federal employees and retirees) was exposed. However, new estimates in light of this week's revelations have soared, estimating as many as 14 million people in and outside government will be affected by the breach—including uniformed military and intelligence personnel. It is, essentially, the biggest "doxxing" in history. And if true, personal details from nearly everyone who works for the government in some capacity may now be in the hands of a foreign government. This fallout is the culmination of years of issues such as reliance on outdated software and contracting large swaths of security work elsewhere (including China).

The OPM breaches themselves are cause for major concerns, but there are signs that these are not isolated incidents. "We see supporting evidence that these attacks are related to the group that launched the attack on Anthem [the large health insurer breached earlier this year]," said Tom Parker, chief technology officer of the information security company FusionX. "And there was a breach at United Airlines that's potentially correlated as well." When pulled together into an analytical database, the information could essentially become a LinkedIn for spies, providing a foreign intelligence organization with a way to find individuals with the right job titles, the right connections, and traits that might make them more susceptible to recruitment or compromise.

Read 46 remaining paragraphs | Comments