One Massive Hack Last Year - Nobody Noticed!

Uploaded on 2016-05-06 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW


The MD5 message-digest algorithm is a widely used cryptographic hash function

Hackers last year quietly stole a database containing the details of over 57 million people. The breach has only come to light this week, after the stolen data was put up for sale on the dark web.

The breach data contains data spanning three years between 2012 and 2015, including usernames, email addresses, and passwords that were hashed with the MD5 algorithm, which nowadays is easy to crack. Many cell phone numbers and Facebook usernames are also in the cache.

Many of the email addresses in the leaked database are associated with major companies, like Apple, Twitter, and Google, as well as Western government departments and agencies. It comes just a day after a similar, yet unrelated breach of user data.

A grey-hat hacker, who goes by the name Peace, obtained a copy of the stolen data from Russian hackers, and provided a number of files containing the breached data to ZDNet earlier this week. Security expert Troy Hunt, who runs breach notification site Have I Been Pwned, helped analyze and verify the data. Hunt found over 52.5 million unique emails in the cache, suggesting the vast majority of data has not been previously leaked.

But here's the twist: nobody can say for sure where the data came from.

Peace said in an encrypted chat that the data was stolen from a well-known dating site, Zoosk, which has more than 33 million users, by allegedly exploiting vulnerabilities in the website's outdated software. The hacker declined to give specific details. Peace then put the breached database, about 4.6 gigabytes in size, up for sale on a dark web marketplace for 0.8 bitcoins, which at the time of posting was about $400 per download.

Zoosk denied that it had been hacked after examining a sample of the cache, citing inconsistencies in the data. "None of the full user records in the sample data set was a direct match to a Zoosk user," a spokesperson said in an emailed statement.

Although a fraction of the email addresses in the sample matched Zoosk accounts, the spokesperson said that this was likely attributable to using the same email on different sites, which many do.

Hunt reached out to some who were named in the breach. Several users were able to confirm that the email address they used on Zoosk roughly matched up to the date they registered, but others vehemently denied altogether that they had used the site.

Rasmus Poulsen, whose email address and password was found in the breach, said he "wasn't as shocked" as he thought he would be, he said in an email. "Luckily I'm in the process of implementing LastPass on all sites and services that I use, so the security impact isn't as bad as it could be," he added.  Like others, he used the same email address for different services, including Badoo, he said.

He confirmed that while he had previously signed up to Zoosk, it wasn't with the email address used in the breach. "It would have come from Badoo and not Zoosk," he said.

Badoo, headquartered in London, UK, stands as one of the largest dating websites in the world with more than 300 million users signed up to date. A spokesperson for Badoo denied that it had been hacked. "Badoo has not been hacked and our user records [and] accounts are secure. We monitor our security constantly and take extreme measures to protect our user base. We were made aware of an alleged data breach, which upon a thorough investigation into our system, we can confirm did not take place," said a spokesperson.

According to Hunt's data analysis, there are about 88,000 emails containing "badoo.com." When we examined further, many of these appeared to be internal corporate accounts used for testing purposes. Many of these accounts had the same or similar passwords.

In an email, Badoo founder Andrey Andreev confirmed the existence of about 19,000 test email accounts in the stolen database. He said the company will "use these [accounts] to test our competitors' products as well."

"Any Badoo test accounts expire after a maximum of 30 minutes and they cannot be accessed externally," said Andreev. When pressed, he would not say which services these accounts were registered with because Badoo does "not store the details as they are removed so quickly."

Many thousands of other Badoo email accounts in the database appeared at "@mobile.badoo.com." These accounts are associated with those who sign up with their cell number, which is turned into an internal Badoo email address. Andreev confirmed in a follow-up email that this is how Badoo stores users' cell numbers when they sign up.

But neither Andreev or a Badoo spokesperson could not say how or why this data was part of the stolen database, but maintained that it had not been hacked. "We have over 30 million phone registrations out of our 300 million registrations. Please take this as an indicator that the information provided to you is not the result of a database breach, but rather must have come from a different source not supplied by Badoo," the spokesperson said.

Andreev also added that the company uses "a different form of one-way encryption" than MD5, but would not say what.

Nobody has claimed the leaked data as their own, but it almost doesn't matter.
Now that millions of usernames and passwords are sitting in a dark web marketplace, and ready to be bought for a rock-bottom price, the damage is already done.
ZD Net: http://zd.net/1Wcol4M

« E-stonia: Antithesis of Russia
Future Intelligence Sharing In the Syrian War »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Bulletproof Cyber

Bulletproof Cyber

Bulletproof offer a range of security services, from penetration testing and vulnerability assessments to 24/7 security monitoring, and consultancy.

Maverick Technologies

Maverick Technologies

Maverick is an industrial automation, enterprise integration and operational consulting company. Services include industrial cyber security.

Auxilium Cyber Security

Auxilium Cyber Security

Auxilium Cyber Security is independent information security consultancy company providing cyber security services tailored to meet the evolving needs of organizations worldwide.

BigWeb Technologies

BigWeb Technologies

BigWeb Technologies is dedicated to provide its clients with ICT related services including Infrastructure Solutions, Consultancy and Security.

CyberSec Hub - The Kosciuszko Institute

CyberSec Hub - The Kosciuszko Institute

The goal of CyberSec Hub is to create a centre of excellence for cybersecurity in Krakow, a new European “Cyber-Silicon Valley”.

NSA Career Development Programs

NSA Career Development Programs

NSA offers entry-level programs to help employees enhance their skills, improve their understanding of a specific discipline and even cross-train into a new career field.

GBT Technologies

GBT Technologies

GBT Technologies is a technology company focused on chip design and software to enable IoT, global mesh networks, and for applications relating to artificial intelligence.

Intracom Telecom

Intracom Telecom

Intracom Telecom is a global telecommunication systems & solutions vendor offering a complete range of professional services and solutions including Information Security.

Auvik Networks

Auvik Networks

Auvik is easy-to-use cloud-based networking management and monitoring software - true network visibility and control without the hassle.

Trusted Security Solutions (TSS)

Trusted Security Solutions (TSS)

TSS are specialist in IT Security and providing Cybersecurity Solutions & Services combined with storage and backup.

Cider Security

Cider Security

Cider Security - It’s time to revolutionize the way Security, Dev and DevOps teams work together to supercharge security at the speed of engineering.

InfusionPoints

InfusionPoints

InfusionPoints is your independent trusted partner dedicated to assisting you in building your secure and compliant business solutions.

Arelion

Arelion

Arelion is a leading light in global connectivity and we've been keeping the world connected for nearly three decades.

aFFirmFirst

aFFirmFirst

aFFirmFirst is a unique software solution offering a simple yet effective way for businesses to protect and control their online images and logo, as well as allowing one-click website verification.

Superna

Superna

Superna is the global leader in data security and cyberstorage solutions for unstructured data, both on-prem and in the hybrid multi-cloud.

NetSfere

NetSfere

NetSfere provides next-generation messaging and mobility solutions to carriers and enterprises globally including its enterprise-grade, secure mobile messaging platform NetSfere Enterprise.