Motivated Hacker Always Gets In

Thursday, January 19, 2012 @ 03:01 PM gHale

With the proper motivation, hackers can get in anywhere whether it is a nuclear plant, chemical plant, auto manufacturer, or even an extremely secure online clothing store.

That was the case when a hacker bypassed security mechanisms at online clothing and accessories store David Morgan, leaking usernames, represented by emails, and password hashes.

The hacker posted 6,000 credential sets on Pastebin, but he claims that he obtained more than 24,000.

“Ohai, still out there bringing you freshly dumped data from all over the world wide web. This one is a bit special, the dump is from an online shop called David Morgan. They’re supposed to be this ‘secure online catalog’, but I guess they aren’t? Lulz!” the hacker said.

The hacker also warned that some of the email addresses used as usernames end in .mil and .gov domain extensions, an indication that members of the government and military may suffer from exposure.

“Using your work email on unsecured websites could result in your work email getting pwnd,” said the hacker.

He identified 71 .mil and 76 .gov email addresses among the leaked data. Besides the military and government email addresses, the leak also contains many usernames in the form of company email addresses, which can help launch targeted social engineering attacks.

Users who own a David Morgan account should immediately change their passwords. Also, those whose accounts use a company email should be on the lookout for any suspicious messages that may land in their inboxes in the upcoming period.
