BreachExchange mailing list archives

European Space Agency hacked, sensitive data released publicly (fwd)


From: security curmudgeon <jericho () attrition org>
Date: Tue, 19 Apr 2011 01:19:31 -0500 (CDT)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://thenextweb.com/eu/2011/04/18/european-space-agency-hacked-sensitive-data-released-publicly/

By Matt Brian
The Next Web
April 18, 2011

It is reported that yesterday the European Space Agency (ESA) website was 
compromised by a hacker, opening up sensitive project logs and exposing 
hundreds of email addresses and passwords associated with some of Europe's 
top science institutes.

The hacker, known by the alias TinKode, posted a full disclosure of the 
attack on his website, highlighting FTP accounts, database users, hashed 
passwords as well as a SHA1-hashed server root password. Perhaps a little 
more worrying for the ESA was the fact that the attacker was also able to 
access some of the agency's space projects including satellite activities, 
calibration sources and environmental details.

Despite showcasing the data stolen in the attack, the hacker did not 
disclose how the ESA website was compromised.

Administrator and editor credentials were discovered to be in plain text, 
as were user email addresses and passwords, which look to consist of 
several CERN science institute employees, staff at defence corporation 
BAE Systems and many other contractors and companies linked to the agency.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
