BreachExchange mailing list archives

Hackers Impersonate Web Billing Firm's Staff To Spill 500,000 Users' Passwords And Credit Cards (fwd)


From: security curmudgeon <jericho () attrition org>
Date: Wed, 23 May 2012 18:13:07 -0500 (CDT)



---------- Forwarded message ----------
To: Infowarrior List <infowarrior () attrition org>


Begin forwarded message:

From: Duane

http://www.forbes.com/sites/andygreenberg/2012/05/22/hackers-impersonate-web-billing-firms-staff-to-spill-500000-users-passwords-and-credit-cards/

Hackers Impersonate Web Billing Firm's Staff To Spill 500,000 Users' Passwords And Credit Cards
Andy Greenberg, Forbes Staff
5/22/2012 @ 11:26AM


British Web billing firm WHMCS is reeling from an attack that spilled
its user accounts, deleted reams of data, temporarily took its site
offline, and hijacked its Twitter feed -- all seemingly the result of a
smooth-talking hacker con.

A WHMCS spokesperson wrote in a statement Tuesday morning that hackers
had successfully impersonated him to fool the company's Web host into
giving them access to the company's account details. "This means that
there was no actual hacking of our server," the spokesperson wrote.
"They were ultimately given the access details."

The intruders, a hacktivist group that calls itself UGNazi, ultimately
leaked a 1.7 gigabyte trove of data from the British web hosting firm
that includes 500,000 user accounts according to the UK tech news site
the Register, including some number of credit card details. The company
wrote in an earlier statement that the hackers accessed both users'
passwords and their payment details, and that both sets of data were
encrypted, though the company warned that the credit cards may nonetheless
be at risk, and that users should change their passwords.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
