One Massive Hack Last Year - Nobody Noticed!


The MD5 message-digest algorithm is a widely used cryptographic hash function

Hackers last year quietly stole a database containing the details of over 57 million people. The breach has only come to light this week, after the stolen data was put up for sale on the dark web.

The breached data spans three years, between 2012 and 2015, and includes usernames, email addresses, and passwords that were hashed with the MD5 algorithm, which nowadays is easy to crack. Many cell phone numbers and Facebook usernames are also in the cache.

Many of the email addresses in the leaked database are associated with major companies, like Apple, Twitter, and Google, as well as Western government departments and agencies. It comes just a day after a similar, yet unrelated breach of user data.

A grey-hat hacker, who goes by the name Peace, obtained a copy of the stolen data from Russian hackers, and provided a number of files containing the breached data to ZDNet earlier this week. Security expert Troy Hunt, who runs breach notification site Have I Been Pwned, helped analyze and verify the data. Hunt found over 52.5 million unique emails in the cache, suggesting the vast majority of data has not been previously leaked.

But here's the twist: nobody can say for sure where the data came from.

Peace said in an encrypted chat that the data was stolen from a well-known dating site, Zoosk, which has more than 33 million users, by allegedly exploiting vulnerabilities in the website's outdated software. The hacker declined to give specific details. Peace then put the breached database, about 4.6 gigabytes in size, up for sale on a dark web marketplace for 0.8 bitcoins, which at the time of posting was about $400 per download.

Zoosk denied that it had been hacked after examining a sample of the cache, citing inconsistencies in the data. "None of the full user records in the sample data set was a direct match to a Zoosk user," a spokesperson said in an emailed statement.

Although a fraction of the email addresses in the sample matched Zoosk accounts, the spokesperson said that this was likely attributable to using the same email on different sites, which many do.

Hunt reached out to some who were named in the breach. Several users were able to confirm that the email address they used on Zoosk roughly matched up to the date they registered, but others vehemently denied altogether that they had used the site.

Rasmus Poulsen, whose email address and password were found in the breach, said in an email that he "wasn't as shocked" as he thought he would be. "Luckily I'm in the process of implementing LastPass on all sites and services that I use, so the security impact isn't as bad as it could be," he added. Like others, he used the same email address for different services, including Badoo, he said.

He confirmed that while he had previously signed up to Zoosk, it wasn't with the email address used in the breach. "It would have come from Badoo and not Zoosk," he said.

Badoo, headquartered in London, UK, stands as one of the largest dating websites in the world with more than 300 million users signed up to date. A spokesperson for Badoo denied that it had been hacked. "Badoo has not been hacked and our user records [and] accounts are secure. We monitor our security constantly and take extreme measures to protect our user base. We were made aware of an alleged data breach, which upon a thorough investigation into our system, we can confirm did not take place," said a spokesperson.

According to Hunt's data analysis, there are about 88,000 emails containing "badoo.com." When we examined further, many of these appeared to be internal corporate accounts used for testing purposes. Many of these accounts had the same or similar passwords.

In an email, Badoo founder Andrey Andreev confirmed the existence of about 19,000 test email accounts in the stolen database. He said the company will "use these [accounts] to test our competitors' products as well."

"Any Badoo test accounts expire after a maximum of 30 minutes and they cannot be accessed externally," said Andreev. When pressed, he would not say which services these accounts were registered with because Badoo does "not store the details as they are removed so quickly."

Many thousands of other Badoo email accounts in the database appeared at "@mobile.badoo.com." These accounts are associated with those who sign up with their cell number, which is turned into an internal Badoo email address. Andreev confirmed in a follow-up email that this is how Badoo stores users' cell numbers when they sign up.

But neither Andreev nor a Badoo spokesperson could say how or why this data was part of the stolen database, though both maintained that the company had not been hacked. "We have over 30 million phone registrations out of our 300 million registrations. Please take this as an indicator that the information provided to you is not the result of a database breach, but rather must have come from a different source not supplied by Badoo," the spokesperson said.

Andreev also added that the company uses "a different form of one-way encryption" than MD5, but would not say what.

Nobody has claimed the leaked data as their own, but it almost doesn't matter.
Now that millions of usernames and passwords are sitting in a dark web marketplace, and ready to be bought for a rock-bottom price, the damage is already done.
ZD Net: http://zd.net/1Wcol4M
