BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

ABC foul-up sees users' data exposed

From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 7 Oct 2010 02:01:00 -0400
http://www.zdnet.com.au/abc-foul-up-sees-users-data-exposed-339306410.htm

The Australian Broadcasting Corporation (ABC) has sent an email to
players of its latest augmented reality (AR) game "Bluebird", saying
that names, email addresses and passwords were available for download
via an archive for almost a month.

The Bluebird project was live for six weeks from the end of April as
an online interactive drama game. Following the game's conclusion, the
ABC sought to archive content from the game into a downloadable Adobe
AIR version.

The ABC confirmed a Lifehacker report that a breach had occurred.
Carolyn McDonald, head of marketing for ABC Innovation, told ZDNet
Australia that between 9 September and 4 October, the names, email
addresses and passwords of 880 Bluebird players were visible via the
Adobe AIR archive.

She said that "in creating [the archive, ABC] transferred some files
to make the AIR version and in doing so that's where the breach has
occurred".

"Email address, usernames and passwords of each of the players was
available unencrypted if you downloaded the PC version," she added.

McDonald understood that only the PC version of the AIR file is
susceptible to the vulnerability.

While the file in question was reportedly downloaded only three times,
the ABC is still taking the breach seriously.

The ABC contacted Bluebird's 880 users informing them of the error and
strongly advised them to change any shared or common passwords.

"Whilst the exposure to these details is considered low, we would
advise you to change your user credentials (eg, shared passwords for
other sites), as appropriate," the email said.

Both McDonald and the broadcaster apologised for the error.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Take CREDANT Technologies short survey on cloud usage and security.
Take the survey: http://www.surveymonkey.com/s/TXDR7WT
Respond by October 12, 2010.
Enter to win a $500(US) Amazon Gift Card.
Previous By Date Next
Previous By Thread Next

Current thread: