BreachExchange mailing list archives
ABC foul-up sees users' data exposed
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 7 Oct 2010 02:01:00 -0400
http://www.zdnet.com.au/abc-foul-up-sees-users-data-exposed-339306410.htm The Australian Broadcasting Corporation (ABC) has sent an email to players of its latest augmented reality (AR) game "Bluebird", saying that names, email addresses and passwords were available for download via an archive for almost a month. The Bluebird project was live for six weeks from the end of April as an online interactive drama game. Following the game's conclusion, the ABC sought to archive content from the game into a downloadable Adobe AIR version. The ABC confirmed a Lifehacker report that a breach had occurred. Carolyn McDonald, head of marketing for ABC Innovation, told ZDNet Australia that between 9 September and 4 October, the names, email addresses and passwords of 880 Bluebird players were visible via the Adobe AIR archive. She said that "in creating [the archive, ABC] transferred some files to make the AIR version and in doing so that's where the breach has occurred". "Email address, usernames and passwords of each of the players was available unencrypted if you downloaded the PC version," she added. McDonald understood that only the PC version of the AIR file is susceptible to the vulnerability. While the file in question was reportedly downloaded only three times, the ABC is still taking the breach seriously. The ABC contacted Bluebird's 880 users informing them of the error and strongly advised them to change any shared or common passwords. "Whilst the exposure to these details is considered low, we would advise you to change your user credentials (eg, shared passwords for other sites), as appropriate," the email said. Both McDonald and the broadcaster apologised for the error. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Take CREDANT Technologies short survey on cloud usage and security. Take the survey: http://www.surveymonkey.com/s/TXDR7WT Respond by October 12, 2010. Enter to win a $500(US) Amazon Gift Card.
Current thread:
- ABC foul-up sees users' data exposed Jake Kouns (Oct 06)