One Massive Hack Last Year - Nobody Noticed!


The MD5 message-digest algorithm is a widely used cryptographic hash function

Hackers last year quietly stole a database containing the details of over 57 million people. The breach has only come to light this week, after the stolen data was put up for sale on the dark web.

The breached database contains data spanning three years, between 2012 and 2015, including usernames, email addresses, and passwords hashed with the MD5 algorithm, which is nowadays easy to crack. Many cell phone numbers and Facebook usernames are also in the cache.
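For site operators still holding unsalted MD5 password hashes like those described above, the following added example (not from the original article or any of the companies named) shows why that format is weak and one way to migrate off it at login. The record format, function names, sample accounts and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def legacy_md5(password: str) -> str:
    """Unsalted MD5 hex digest: the weak storage format the article describes."""
    return hashlib.md5(password.encode()).hexdigest()


def _pbkdf2(password: str, salt: bytes, iterations: int) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def new_record(password: str) -> str:
    """Per-user random salt plus a slow KDF: 'pbkdf2_sha256$iters$salt$key'."""
    salt = os.urandom(16)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${_pbkdf2(password, salt, ITERATIONS)}"


def verify(password: str, stored: str) -> bool:
    """Constant-time check against either record format."""
    if stored.startswith("pbkdf2_sha256$"):
        _, iters, salt_hex, key_hex = stored.split("$")
        candidate = _pbkdf2(password, bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(candidate, key_hex)
    return hmac.compare_digest(legacy_md5(password), stored)


def login(users: dict, name: str, password: str) -> bool:
    """Verify; on success replace a legacy MD5 record with a salted one."""
    stored = users.get(name)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith("pbkdf2_sha256$"):
        users[name] = new_record(password)  # plaintext is only available at login
    return True


# Constructed sample table: two accounts sharing one password.
users = {"alice": legacy_md5("Summer2015!"), "bob": legacy_md5("Summer2015!")}
assert users["alice"] == users["bob"]  # unsalted: same password, same digest
```

Accounts that never log in again keep their MD5 record under this scheme, so dormant records still need a forced reset or a wrapped re-hash.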

Many of the email addresses in the leaked database are associated with major companies, like Apple, Twitter, and Google, as well as Western government departments and agencies. It comes just a day after a similar, yet unrelated breach of user data.

A grey-hat hacker, who goes by the name Peace, obtained a copy of the stolen data from Russian hackers, and provided a number of files containing the breached data to ZDNet earlier this week. Security expert Troy Hunt, who runs breach notification site Have I Been Pwned, helped analyze and verify the data. Hunt found over 52.5 million unique emails in the cache, suggesting the vast majority of data has not been previously leaked.

But here's the twist: nobody can say for sure where the data came from.

Peace said in an encrypted chat that the data was stolen from a well-known dating site, Zoosk, which has more than 33 million users, by allegedly exploiting vulnerabilities in the website's outdated software. The hacker declined to give specific details. Peace then put the breached database, about 4.6 gigabytes in size, up for sale on a dark web marketplace for 0.8 bitcoins, which at the time of posting was about $400 per download.

Zoosk denied that it had been hacked after examining a sample of the cache, citing inconsistencies in the data. "None of the full user records in the sample data set was a direct match to a Zoosk user," a spokesperson said in an emailed statement.

Although a fraction of the email addresses in the sample matched Zoosk accounts, the spokesperson said that this was likely attributable to using the same email on different sites, which many do.

Hunt reached out to some who were named in the breach. Several users were able to confirm that the email address they used on Zoosk roughly matched up to the date they registered, but others vehemently denied altogether that they had used the site.

Rasmus Poulsen, whose email address and password were found in the breach, said in an email that he "wasn't as shocked" as he thought he would be. "Luckily I'm in the process of implementing LastPass on all sites and services that I use, so the security impact isn't as bad as it could be," he added. Like others, he used the same email address for different services, including Badoo, he said.

He confirmed that while he had previously signed up to Zoosk, it wasn't with the email address used in the breach. "It would have come from Badoo and not Zoosk," he said.

Badoo, headquartered in London, UK, stands as one of the largest dating websites in the world with more than 300 million users signed up to date. A spokesperson for Badoo denied that it had been hacked. "Badoo has not been hacked and our user records [and] accounts are secure. We monitor our security constantly and take extreme measures to protect our user base. We were made aware of an alleged data breach, which upon a thorough investigation into our system, we can confirm did not take place," said a spokesperson.

According to Hunt's data analysis, there are about 88,000 emails containing "badoo.com." When we examined further, many of these appeared to be internal corporate accounts used for testing purposes. Many of these accounts had the same or similar passwords.

In an email, Badoo founder Andrey Andreev confirmed the existence of about 19,000 test email accounts in the stolen database. He said the company will "use these [accounts] to test our competitors' products as well."

"Any Badoo test accounts expire after a maximum of 30 minutes and they cannot be accessed externally," said Andreev. When pressed, he would not say which services these accounts were registered with because Badoo does "not store the details as they are removed so quickly."

Many thousands of other Badoo email accounts in the database appeared at "@mobile.badoo.com." These accounts are associated with those who sign up with their cell number, which is turned into an internal Badoo email address. Andreev confirmed in a follow-up email that this is how Badoo stores users' cell numbers when they sign up.

But neither Andreev nor a Badoo spokesperson could say how or why this data was part of the stolen database, though both maintained that the company had not been hacked. "We have over 30 million phone registrations out of our 300 million registrations. Please take this as an indicator that the information provided to you is not the result of a database breach, but rather must have come from a different source not supplied by Badoo," the spokesperson said.

Andreev also added that the company uses "a different form of one-way encryption" than MD5, but would not say what.

Nobody has claimed the leaked data as their own, but it almost doesn't matter.
Now that millions of usernames and passwords are sitting in a dark web marketplace, and ready to be bought for a rock-bottom price, the damage is already done.
ZD Net: http://zd.net/1Wcol4M
