One Massive Hack Last Year - Nobody Noticed!


The MD5 message-digest algorithm is a widely used cryptographic hash function

Hackers last year quietly stole a database containing the details of over 57 million people. The breach has only come to light this week, after the stolen data was put up for sale on the dark web.

The breached data spans three years, between 2012 and 2015, and includes usernames, email addresses, and passwords that were hashed with the MD5 algorithm, which nowadays is easy to crack. Many cell phone numbers and Facebook usernames are also in the cache.

Many of the email addresses in the leaked database are associated with major companies, like Apple, Twitter, and Google, as well as Western government departments and agencies. It comes just a day after a similar, yet unrelated breach of user data.

A grey-hat hacker, who goes by the name Peace, obtained a copy of the stolen data from Russian hackers, and provided a number of files containing the breached data to ZDNet earlier this week. Security expert Troy Hunt, who runs breach notification site Have I Been Pwned, helped analyze and verify the data. Hunt found over 52.5 million unique emails in the cache, suggesting the vast majority of data has not been previously leaked.

But here's the twist: nobody can say for sure where the data came from.

Peace said in an encrypted chat that the data was stolen from a well-known dating site, Zoosk, which has more than 33 million users, by allegedly exploiting vulnerabilities in the website's outdated software. The hacker declined to give specific details. Peace then put the breached database, about 4.6 gigabytes in size, up for sale on a dark web marketplace for 0.8 bitcoins, which at the time of posting was about $400 per download.

Zoosk denied that it had been hacked after examining a sample of the cache, citing inconsistencies in the data. "None of the full user records in the sample data set was a direct match to a Zoosk user," a spokesperson said in an emailed statement.

Although a fraction of the email addresses in the sample matched Zoosk accounts, the spokesperson said that this was likely attributable to using the same email on different sites, which many do.

Hunt reached out to some who were named in the breach. Several users were able to confirm that the email address they used on Zoosk roughly matched up to the date they registered, but others vehemently denied altogether that they had used the site.

Rasmus Poulsen, whose email address and password were found in the breach, said in an email that he "wasn't as shocked" as he thought he would be. "Luckily I'm in the process of implementing LastPass on all sites and services that I use, so the security impact isn't as bad as it could be," he added. Like others, he used the same email address for different services, including Badoo, he said.

He confirmed that while he had previously signed up to Zoosk, it wasn't with the email address used in the breach. "It would have come from Badoo and not Zoosk," he said.

Badoo, headquartered in London, UK, stands as one of the largest dating websites in the world with more than 300 million users signed up to date. A spokesperson for Badoo denied that it had been hacked. "Badoo has not been hacked and our user records [and] accounts are secure. We monitor our security constantly and take extreme measures to protect our user base. We were made aware of an alleged data breach, which upon a thorough investigation into our system, we can confirm did not take place," said a spokesperson.

According to Hunt's data analysis, there are about 88,000 emails containing "badoo.com." When we examined further, many of these appeared to be internal corporate accounts used for testing purposes. Many of these accounts had the same or similar passwords.

In an email, Badoo founder Andrey Andreev confirmed the existence of about 19,000 test email accounts in the stolen database. He said the company will "use these [accounts] to test our competitors' products as well."

"Any Badoo test accounts expire after a maximum of 30 minutes and they cannot be accessed externally," said Andreev. When pressed, he would not say which services these accounts were registered with because Badoo does "not store the details as they are removed so quickly."

Many thousands of other Badoo email accounts in the database appeared at "@mobile.badoo.com." These accounts are associated with those who sign up with their cell number, which is turned into an internal Badoo email address. Andreev confirmed in a follow-up email that this is how Badoo stores users' cell numbers when they sign up.

Neither Andreev nor a Badoo spokesperson could say how or why this data was part of the stolen database, but both maintained that the company had not been hacked. "We have over 30 million phone registrations out of our 300 million registrations. Please take this as an indicator that the information provided to you is not the result of a database breach, but rather must have come from a different source not supplied by Badoo," the spokesperson said.

Andreev also added that the company uses "a different form of one-way encryption" than MD5, but would not say what.

Nobody has claimed the leaked data as their own, but it almost doesn't matter. Now that millions of usernames and passwords are sitting in a dark web marketplace and ready to be bought for a rock-bottom price, the damage is already done.

ZD Net: http://zd.net/1Wcol4M
