Moonpig hacked, Emial IDs, passwords compromised


The online personalized card company, Moonpig, has blocked an unspecified number of accounts of customers after users’ details were published online.

According to the company’s website, customers’ email addresses, passwords and account balance had been made public. However, they stress that the source of passwords was not their site, but from other online sites where users use similar passwords.

“As a precautionary measure, we promptly closed our Moonpig site and apps to help us investigate and contain this issue. Following these investigations, we now have strong evidence that the customer email addresses and passwords we identified were taken previously from other third party websites, and not directly from Moonpig.com."

"This data was then used to access the account balances of some of our Moonpig.com customers. As a reminder, we do not store full credit card information ourselves so this data was not accessible in any event.”

Moonpig  has contacted affected customers, and advised  them to  reset their passwords and ensure that they are not reusing the same passwords anywhere else on the net

Team GhostShell are back with a bang

 
They are back again after almost three years! Team GhostShell, a well-known hacking group, has returned with hacks and database leaks.

The hacking group claims to have leaked data from various websites within 24 hours.

On June 29, the team posted on twitter links to a number of Korean and Japanese websites, educational portals, university websites and travel websites which they claim to have hacked.

The posted websites and services do not appear to follow a particular trend or pattern so it is believed that the sites have been hacked.

Lee J, a security researcher, posted on Cyber War News that when he contacted TeamGhostShell, they had explained that not all data is going to be leaked from targeted sites and as an example of this got shown an exclusive set of data from an Australian cloud provider (redacted for now) which contains 1,500+ full banking information such as full names, home addresses, mobile contact numbers, contract dates and probably worst of all Tax file number (TFN). The provider has been contacted at time of publishing.

According to him, till the date, 444 different databases have been dumped from various sites and sub-domains mostly being education and government based.

“A basic scan of these sites has shown that there is a heap of accounts leaks, over 17,700 have email and password combinations as well as many other user name and password combinations as well,” he added.

“I have been told in a conversation with TeamGhostShell that they plan to leak data until they are caught,” he said.

He said that the team has added pastebin.com account with a paste titled “Dark Hacktivism- Information is everything”.

It is said that this is not the end. There are a lot more data to come over in coming days or weeks.

iiNet urges its Westnet users to change their password after an alleged hack of customer database


iiNet, Australia's’ second largest internet service provider, has urged its more than 30,000 Westnet internet users to change their passwords after a hacker claimed to have gained access to the customer database and put them on sale.

According to a tweet posted by Cyber War News, the unknown hacker claimed to have hacked important details of the customers like passwords, email-addresses, telephone numbers etc.

He is now offering to ‘sell or trade’ Westnet's customer database.

However, he has not mentioned any rate for the information.

Matthew Toohey, chief information officer at iiNet, told Mashable Australia that the hack, which could be an unauthorized access to old customer information stored on a legacy Westnet system, was under investigation and had been reported to law enforcement agencies.

"iiNet takes the privacy and security of customer information extremely seriously," he said. "The 30,827 impacted customers are being contacted with a recommendation they change passwords associated with their accounts as this is the most effective way to ensure security. As a precaution, additional steps have been taken to increase the monitoring of impacted accounts."

The system is now offline.

Adult dating site hacked to leak intimate secrets of 4 million users

Hackers have targeted one of the largest online dating sites of the world, Adult Friend Finder to leak personal data of four million users.

The stolen data includes the sexual orientation of the users, their sexual preferences, and might even potentially reveal who are the ones seeking extramarital affairs. The data also includes email addresses, usernames, dates of birth, postal codes and unique internet addresses of users' computers.

The hack is estimated to have affected 4 million users, including users who have requested the site for a deletion of their accounts.The leaked information contain addresses linked to dozens of government and armed services personnel and members of the British Army.

Channel 4 news, who have been actively tracking such incidents of hacking and information release to the Deep web have found a secretive forum in which a hacker nicknamed ROR[RG] posted the details of users of Adult Friend Finder.

Shaun Harper is among those whose details have been published. Harper, who had requested his account to be deleted stated that, "The site seemed OK, but when I got into it I realized it wasn't really for me, I was looking for something longer term. But by that time I'd already given my information. You couldn't get into the site without handing over information. He added, "I thought the information had gone. These sites are meant to be secure."

Mr. Harper has been targeted with a spate of spam emails ever since his information was leaked. Experts are of the opinion that hackers will further sift through the leaked data to zero down on potential blackmailing targets.

FriendFinder Networks Inc, the owner of Adult FriendFinder have already started working with law enforcement to investigate the matter and have assured customers of strong action in case they are affected.

Kelly Brooks personal photos leaked online

US sitcom 'One Big Happy' star Kelly Brooks has become a target of hackers for the second time after a set of 24 nude photos of her were posted online by hackers.

The photos show the actress in various intimate poses in her bedroom. Kelly had fallen victim to a celebrity hacking scandal last year also in which thousands of photos of various celebrities were posted online in one of the biggest scandals of such kind.

Her ex-fiancee David McIntosh also features in the photos. The last time Kelly fell prey to such activity, 34 of her private photos had been posted online.

Prior to all the scandals, Kelly had tweeted, "The only nude photos you'll see of me are the ones that I leak and the ones my head is superimposed on!"

European Cyber Army leaks 60k credentials compromised from Syrian sites


More than 60,000 accounts details have been leaked by a hacker from European cyber army(ECA) going by handle "Zer0Pwn".

The database dump is said to be compromised from two syrian websites : job.sy and realestate.sy.

Hacker posted a sample data in a paste(http://pastebin.com/7Y13ULux) entitled "ECA vs. Assad" along with a link to full database dump.  The dump contains names, email ids, passwords, phone number and other details.

While the passwords compromised from job.sy are encrypted, the passwords from realestate.sy are in plain text format.

Lee J from Cyber War News analyzed the full database dump and reported that database dumps from realestate.sy contain more than 4000 unique login credentials and database dumps from jobs.sy contains more than 50,000 login credentials.

Some other members from ECA has attacked syrianmonster.com and compromised admin's login credential.