BreachExchange mailing list archives
Australian Broadcasting Corporation confirms hack
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Wed, 27 Feb 2013 09:16:19 -0500
http://www.zdnet.com/au/australian-broadcasting-corporation-confirms-hack-7000011876/ A hacker going by the handle "Phr0zenMyst" has claimed to have hacked a subdomain belonging to the Australian Broadcasting Corporation (ABC), leaking the details of its users. The hacker but did not disclose which subdomain it claims to have breached, but has published a database dump of users on the site. Information includes the names, ages, email addresses, hashed passwords, Australian hometowns, genders, and IP addresses of users. In some cases, the latitude and longitude details have also been provided. ZDNet found that these coordinates are primarily based in Australia, further pointing to the local origin of the database, but are only accurate to about 10km in many instances. Many of the email addresses also use Australian internet service providers (ISPs). On the morning of the incident, ABC head of Corporate Communications for ABC Corporate Affairs Sally Cray told 774 ABC Melbourne that it is aware of reports on the attack, but could not confirm whether an actual attack had taken place. "We don't want to alarm anybody. We just want to look into the matter fully before we realise what's gone on," Cray told 774 ABC Melbourne. We are aware of reports of a security breach on an ABC site. We are investigating the matter and will keep you updated — ABC Australia (@ABCaustralia) February 27, 2013 The motive behind the attack appears to be retaliation for providing Dutch MP Geert Wilders with a 20-minute slot on ABC's Lateline. Wilders is known for his anti-immigration and anti-Islam stance, a view that has prompted Anonymous to begin a campaign against Wilders known as #opWilders. ABC hacked for giving a platform for Geert Wilders to spread hatred #OpWilders - database leaked!pastebin.com/J3ceSWMw — Phr0zenMyst (@Phr0zenM) February 26, 2013 Later in the day, ABC confirmed in a statement that it had in fact been subject to a breach of a subdomain for its Making Australia Happy television program in 2010. "At this stage, we are still investigating the details of the breach. However, we do know that it has exposed the name, username, and a hashed version of the password that audience members used to register on the program website. As soon as the ABC was made aware of this activity, the site was shut down," the statement said. The website in question is currently offline. "This breach originated at an overseas location, and an activist has claimed responsibility for it. "The ABC will be in contact with audience members who have been directly affected." Updated Wednesday, February 27, 2012 at 2.24pm AEDST: Added confirmation from ABC. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- Australian Broadcasting Corporation confirms hack Erica Absetz (Feb 27)