Orange.fr hacked, details of 800,000 customers stolen

Unknown Hackers have breached the website of Telecoms giant Orange and have compromised details of 800k customers from the www.orange.fr.

According to PCINpact, My accounts page of website has been targeted by hackers on January 16.  Hacker have gained access to personal data including names, email IDs, phone numbers, mail addresses and other details.

Orange states claims only personal information have been accessed by hackers, passwords have not been compromised in the Data Breach.  Customers' bank account numbers are stored in separate server which is not impacted by this breach.

Few hours after became aware of the intrusion, the ISP immediately closed the "My Accounts" page to prevent further attack.  The security hole responsible for the breach is said to have been closed.

The company said only 3% of its customers impacted by the breach.  In an email sent to affected customers,  the company warned them that the stolen data can be used by cyber criminals to launch phishing attacks.

The company has filed a complaint about the breach and working with Police.

World's Largest Bitcoin poker SealsWithClubs website hacked

 
It appears any websites that do Bitcoin transactions are coming under the radar of Hackers.  SealsWithClubs is the latest victim.

Online Poker service SealsWithClubs which is claimed to be the world's largest bitcoin poker site has admitted their database server containing user credentials compromised by the hackers.

They said the stolen passwords are hashed and salted but urged users to change their password. If you used the same password anywhere else, you are recommended to change there also as precaution.

Ars Technica pointed out a link to the InsidePro forum's post in which an user with online moniker "StacyM" has asked other users to crack 42,000 hashed passwords.

StacyM is offering $20 in Bitcoins for every 1000 unique cracked passwords. Thousands of passwords have already been cracked. He didn't mention the source of those hashes. However, some cracked passwords such as "sealswithclubs", "pokerseals" is appeared to be from the SealsWithClubs website.

SealsWithClubs promises to improve the security measures in the near future including 'ability to permanently lock withdrawal address', 'lock accounts account access except for certain IP addresses'

CBP.gov and OPM.gov hacked by Tunisian Cyber Army & Al-Qaeda Electronic Army

Following the Pentagon and State.gov security breach, the Tunisian Cyber Army and Al-Qaeda Electronic Army has attacked two more United States Government websites.

Today, they have targeted the U.S. customs and Border Protection (cbp.gov) and Office of Personnel Management (OPM.gov). 

The team managed to extract the information from the target database by exploiting the critical SQL Injection vulnerability in those websites.



TCA team told EHN that they have compromised information such as username, encrypted passwords(they managed to crack), private emails.

In an email sent to E Hacking News, the hacker provided the vulnerable link of both websites.  For a security reasons, we are not disclosing the links here.

The hack is part of the their ongoing operation called as "#OpBlackSummer", an operation against U.S.  So far, they have hacked large number of websites and compromised data. The hacker said their next target is Gas and Petroleum companies.

Islami Bank Bangladesh website hacked by Human Mind Cracker

The Tunisian hacker 'Human Mind Cracker' who discover critical vulnerability in high profile website, come with another interesting vulnerability finding. He discovered SQL Injection Vulnerability in one of the Bangladesh Bank website , "Islami Bank Bangladesh Ltd"(islamibankbd.com).

In an email sent to EHN, the hacker provided the vulnerable link and a link to the dump(heypasteit.com/clip/0MWN).

"The vulnerability was SQL injection...I report it many times..but they didn't reply and they didn't fix it yet...So I get into their database." Hacker said in the mail.

The dump contains database details, encrypted password, email address, admin id and password.


He also discovered Cross Site scripting security flaw in Feedback sending page of Islami Bank.

This is not the first time the Bank sites are being targeted by Human Mind cracker.  Last time, he discovered SQLi in Tunisian Bank site. 

The hacker always like to be a Grey Hat hacker and like to help the admin of site by reporting the vulnerability. But the admin fails to respond and fails to patch the security flaw.

#OpRollRedRoll: AnonAcid leaked records of 50,000 Steubenville, Ohio Citizens



A Hacker with Twitter handle AnonAcid has claimed to have leaked the records of more than Steubenville,Ohio residents as part of the operation called
"OpRollRedRoll".

The campaign has been launched after news broke out that authorities might be protecting members of the Steubenville football team accused of abusing a 15-year-old girl.

The hacker uploaded the dump in Mediafire.  According to his pastebin post, the leak contains address,emails,personal information,dates of births,current address,phone numbers,names,state,country,city,current location,firstname, lastname, middlename, many many more.

The hacker didn't mention the origin of the data .

http://pastebin.com/Pf6HMATe


"City Of Steubenville,Your justice system is broke and needs to be fixed maybe this might help a little. Bring justice to the girl who was raped " The hacker wrote in the post.

He also published a list of individuals suspected of being involved in the abuse and demands that they be sent to jail.

Hackers breached SC Department of Revenue and steal 3.6M SSNs, credit card data

one of the largest computer breaches in the South Carolina:

hackers breach

Hackers breached the South Carolina Department of Revenue website(sctax.org) and steal sensitive information belong to 3.6 Million South Carolina taxpayers .

The data stolen by hackers includes 3.6 Million social Security Numbers(SSN) and 387,000 credit card and debit card numbers.

The S.C Department of Revenue became aware of the breach on October 10 but the investigation revealed the intrusion occurred in mid-September.  The vulnerability exploited by hacker has been fixed on October 20.

The state is offering affected taxpayers with one year of credit monitoring and identity theft protection from Experian.

If you are one of the person who filed a South Carolina tax return since 1998, you are urged to visit protectmyid.com/scdor or call 1- 866-578-5422 to determine if their information is affected. If so, then you can immediately enroll in 1 year of identity protection.