dslreports user password information breached

[security curmudgeon <jericho () attrition org>]

http://www.dslreports.com/forum/r25793356-site-user-password-intrusion-info

Forums > The Site > DSLReports.com > Site Bugs > site user password intrusion info

site user password intrusion info
Quick Q+A

For the accounts compromised, what was obtained?
registration email address and user picked login password

Nothing else?
No.

When did it happen
> From 2pm wednesday to about 6pm wednesday, during which time the site was 
timing out and acting up

When did the warning emails go out
They started to be generated about midnight that same night, and all 
compromised passwords were reset at that time

Who/what did the hack
A large network (botnet) of compromised windows machines, circumventing 
individual IP access limits on unusual activity. The attack was blocked 
before it had completed more than 8% of its work.

What is the likely use for the data gained
Gaining access to email accounts, gaining access to accounts at 
paypal/google/amazon/facebook/twitter or other big sites where login is 
via email and password.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/