BreachExchange mailing list archives

Australian Broadcasting Corporation confirms hack


From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Wed, 27 Feb 2013 09:16:19 -0500

http://www.zdnet.com/au/australian-broadcasting-corporation-confirms-hack-7000011876/

A hacker going by the handle "Phr0zenMyst" has claimed to have hacked
a subdomain belonging to the Australian Broadcasting Corporation
(ABC), leaking the details of its users.

The hacker did not disclose which subdomain it claims to have
breached, but has published a database dump of users on the site.
Information includes the names, ages, email addresses, hashed
passwords, Australian hometowns, genders, and IP addresses of users.
In some cases, the latitude and longitude details have also been
provided.

ZDNet found that these coordinates are primarily based in Australia,
further pointing to the local origin of the database, but are only
accurate to about 10km in many instances. Many of the email addresses
also use Australian internet service providers (ISPs).

On the morning of the incident, Sally Cray, head of Corporate
Communications for ABC Corporate Affairs, told 774 ABC Melbourne that
the ABC is aware of reports of the attack, but could not confirm
whether an actual attack had taken place.

"We don't want to alarm anybody. We just want to look into the matter
fully before we realise what's gone on," Cray told 774 ABC Melbourne.

We are aware of reports of a security breach on an ABC site. We are
investigating the matter and will keep you updated

— ABC Australia (@ABCaustralia) February 27, 2013

The motive behind the attack appears to be retaliation for providing
Dutch MP Geert Wilders with a 20-minute slot on ABC's Lateline.
Wilders is known for his anti-immigration and anti-Islam stance, a
view that has prompted Anonymous to begin a campaign against Wilders
known as #opWilders.

ABC hacked for giving a platform for Geert Wilders to spread hatred
#OpWilders - database leaked! pastebin.com/J3ceSWMw

— Phr0zenMyst (@Phr0zenM) February 26, 2013

Later in the day, ABC confirmed in a statement that it had in fact
been subject to a breach of a subdomain for its Making Australia Happy
television program in 2010.

"At this stage, we are still investigating the details of the breach.
However, we do know that it has exposed the name, username, and a
hashed version of the password that audience members used to register
on the program website. As soon as the ABC was made aware of this
activity, the site was shut down," the statement said.

The website in question is currently offline.

"This breach originated at an overseas location, and an activist has
claimed responsibility for it.

"The ABC will be in contact with audience members who have been
directly affected."

Updated Wednesday, February 27, 2012 at 2.24pm AEDST: Added
confirmation from ABC.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
