fringe: Programmers accused of hacking 2.3 million IDs

[security curmudgeon <jericho () attrition org>]

[Although the article uses "personal information", the focus is on
 authentication credentials. It isn't clear the extent of the information
 compromised on these sites. - jericho]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://joongangdaily.joins.com/article/view.asp?aid=2903657

By Park Yu-mi, Kim Mi-ju
JoongAng Daily
April 16, 2009

Two computer programmers were indicted yesterday on charges of hacking 
into Web sites and obtaining personal data of 2.3 million persons and 
using part of that information to post spam advertisements on Naver and 
other Web sites.

According to investigators at the Seoul Central District Prosecutors’ 
Office, the pair allegedly hacked into more than 100 Web sites from 
January 2008 until February of this year.

They targeted Web sites for games, florists, real estate agencies and used 
car dealerships that have vulnerable security systems.

“They developed their own computer program to sort out whether some of 
the users’ stolen IDs and passwords collected from various Web sites 
were identical to Naver IDs and passwords,” said Roh Seung-kwon, the 
prosecutor in charge of the case.

The suspects took advantage of the practice by some Internet users of 
using the same ID and password to access different Web sites, he added.

[..]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss