Hacker invades MuchMusic's Web site, lifts entrants' telephone numbers, ages

[InfoSec News <isn () c4i org>]

[While its rare for me to post news about website defacements, unless
its a high profile site, like ACM, NASDAQ, or Attrition. :) I feel a
need to post news about this defacement only because I *USED* to watch
a great deal of MuchMusic's late-night programming in the USA. That is
until the powers that be in Toronto decided they should drop a huge
chunk of their Canadian programing and start a channel like MTV, 
(a network still confused on what the M in MTV stands for), and start
a whole new channel in the USA called MuchMusic.tv. Now not to sound
like this is a rant. :) but one of the highlights of watching
MuchMusic in the USA, was Ed the Sock, http://www.edthesock.com/ &
with the new American programing, one of the Canadian programs to get
nixed was Ed's show. While this is a show of a sockpuppet, Ed has some
really fresh & bright viewpoints on pretty much everything, and its
actually worth watching in a world of 500+ channels.   - WK]


http://www.canoe.ca/NationalTicker/CANOE-wire.MuchMusic-Hacked.html

TORONTO (CP) [Aug. 24, 2001] - MuchMusic warned Thursday that some
people who entered a contest on its Web site may have had their
private information seized by a computer hacker.

"We are sending this important message to alert you to the fact that
we have reason to believe that our contest databases may have been
compromised," reads an e-mail sent to contest entrants.

Contestants gave their ages, telephone numbers, age, and other
personal information when they visited the music channel's site.

The issue came to light after some entrants received prank phone calls
from someone claiming to be a MuchMusic employee.

"We are taking these complaints very seriously and have launched an
investigation," the MuchMusic e-mail reads.

An advisory on channel's Web site Thursday night explained how to
identify a phone call from a legitimate MuchMusic employee and urged
kids under 18 to alert their parents if they receive a prank phone
call.


-=-


http://www.muchmusic.com/contestadvisory.html

IMPORTANT SECURITY ADVISORY TO MUCHMUSIC CONTEST ENTRANTS

We are sending this important message to alert you to the fact that we
have reason to believe that our online contest databases may have been
compromised.

Keeping your personal information confidential and secure is very
important to us and we have taken appropriate steps to ensure that all
such data remains private. However, as the Internet is not a 100%
secure environment, there is the potential for your personal data to
get into the wrong hands.

Recently, we learned that some of our contest entrants received
"prank" phone calls from people pretending to be MuchMusic employees.
We are taking these complaints very seriously and have launched an
investigation.

If you receive a call from anyone telling you they are from MuchMusic
and they ask you to do anything OTHER than to dial our headquarters at
416 591 7400 followed by a four-digit extension, HANG UP. This is a
prank phone call.

If you are the victim of such a prank phone call and are under the age
of 18, IMMEDIATELY tell your parents what has happened.

In addition, the phone company suggests that you do the following:

- dial *69 immediately following the prank phone call to identify the
number of the caller. Write down the number and alert your local
telephone company.

- In the event the number is blocked, dial *57. This registers the
call with your phone company. For further advice, you should then
contact your phone company by dialing "0".

Please note that the phone company bills you for these *69 and * 57
services.

HOW WILL I KNOW IF SOMEONE FROM MUCHMUSIC IS CALLING ME ABOUT A
CONTEST?

Heres how you can tell a real MuchMusic contest call from a prank
call: youll get a call between 9 a.m. and 7 p.m. local time from
someone in either the MuchMusic Promotions department or the MuchMusic
Website department. That person will simply give you their name, say
theyre from MuchMusic, and ask you to call back MuchMusic headquarters
at 416-591-7400, followed by a 4-digit extension. When you call back
that number, you will reach that same MuchMusic employee or her/his
voicemail. That SAME person will then call you back and start the
contest process.

If you have any questions, please send an email to
contests () muchmusic com. Please make sure to put the following in the
subject line: "Contest Security Question".




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.