Search This Blog

Showing posts with label Website Hacked. Show all posts

Mensa Website Hacked After Britain’s Smartest Folk Failed To Secure Passwords


The community of British Mensa, which is popularly known for its people with high IQs, they have failed to secure the passwords on their website properly and it has resulted in a massive heck of their sensitive credentials including their member’s personal data. 

According to the former director and technology officer at British Mensa, Eugene Hopkinson has made a statement that the organization had failed to secure the data of its 18,000 members accurately, the report reads in the FT. 

Hopkinson claimed, “that the stored passwords of Mensa members were not hashed, potentially allowing hackers to unscramble them”. The unprecedented security attack has become all the more serious this week when the people of the community acknowledged it had been the victim of a cyber attack. Currently, the Mensa website is unavailable and a message is displaying on the website which notifies that “site under maintenance”. 

In an emergency directors’ meeting, a Mensa member told the FT that “it was confirmed that the Mensa site had been hacked this morning, using the credentials of one of the organization’s directors. It was also confirmed that there were lots of Mensa members’ passwords stored in plain text. The society had sent him his password in plain text within the past year”. It has also been observed that several stashes of Mensa personal credentials have been posted onto the Pastebin website, whilst some data have been removed from the website. 

Hopkinson told the FT that “the Mensa website held lots of sensitive information on its members, including payment details, instant messaging conversations, and IQ scores of both current members and failed applicants. “If a breach is found to have taken place, I have no faith that the [Mensa] board and office will report it adequately... or take sufficient mitigating action to prevent further harm,” Hopkinson has written this in an open letter announcing his resignation. A fellow board member resigned in protest at the same issue. Meanwhile, a spokesperson for Mensa told the FT that “the data such as members’ passwords had been encrypted and that the organization was in the process of hashing passwords,”

Additionally, “the spokesperson has denied that passwords were ever sent out in plain text and that it had handed details of the cyberattack to Britain’s Information Commissioner with a view to pursuing a criminal investigation”. Mensa is a non-profit organization, which is only open to those people who score high marks in standardized IQ test such as in the 98th percentile

Google Project Zero Discovers Malicious Website Exploits which Affected iPhone Users

Researchers at Google Project Zero discovered an attack against iOS users which is present in the form of a malware hidden in hacked websites.

The malware stealthily installs itself for the users surfing any of the hacked websites, which have a readership base of thousands.

Once the malware is installed, it makes the iPhone act as a clandestine spying device which traces the contacts, location and messages, allowing hackers to get an overview of the victim's life and habits.

The malware extends the collection of data up to the popular third party apps such as Gmail, Whatsapp and Google Maps; it is configured to steal files and upload live location data of the owner.

The hub of white hat hackers, Google's Project Zero Division, which excelled in discovering multiple bugs and vulnerabilities, said that these attacks are based in a series of hacked sites, that were said to be randomly disseminating malware to iOS users.

The particular series of attack stands out as most of the attacks are more targeted in scope, however these attacks affected people who happened to surf one of the hacked websites.

Explaining  the issue, Ian Beer from Project Zero, says, "Real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you're being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group.

"All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them."

Paraguay Embassy website hacked in Taiwan

Paraguay embassy website has been hacked in Taiwan by Kapustkiy, and the hacked database is published on

The leaked database is written in a chinese language which raises questions that there is the involvement of the Chinese hackers in this.

The targeted website is, they revealed the name of the current user:  cboss@localhost, targeted the SQL version of  4.1.22, current DB, and the system user.

The leaked database has six tables such as  the name of the company, their contact details,  downloads, news, pages, and the product. The table contact has five columns with 1119  entries and company table has nine columns with 55 entries.

The company table includes the company name, email-id, password, and ename. While, the contact table has a name, mobile number, and email id.

It has been less than a week when websites of the Indian embassy in seven countries has been hacked and published in the same  manner on the website (Pastebin).

EA Games website hacked to host Apple phishing page

A webserver belonging to the EA Games has been compromised by cybercriminals and it is now hosting a phishing page attempting to steal Apple IDs.

According to Netcraft report, hackers managed to break into the sub-domain by exploiting vulnerabilities in the outdated version of web calendar application.

The Web Calendar version 1.2.0 has a critical vulnerability that allows attacker to run arbitrary code.

The phishing page tricks users into handing over their login credentials for the Apple website.  After entering the Apple ID and password, it will display second form which asks to victim to enter card details, name, birth date, phone number and few other details.  Like the usual phishing pages, once victim submit the details, he will be redirected to legitimate apple site.

Netcraft says the hacker might also have gained access to the internal servers and other information.

"In this case, the hacker has managed to install and execute arbitrary PHP scripts on the EA server, so it is likely that he can at least also view the contents of the calendar and some of the source code and other data present on the server." The blog post reads.

BitStamp hacked, users are receiving spam mail containing malware

BitStamp which is said to be largest Bitcoin Exchange, has been breached and users are receiving spam mails containing a link to malware file.

BitStamp yesterday gave a warning to its users about a new phishing attack and urged users to ignore all emails with the subject "Bitstamp trading will be suspended for 24 hours".

A few days back, a BitStamp's user reported in reddit that he received a malicious email pretending to be from MtGox which asked to him to download a document saying "please sign the papers attached.  The malicious link given in the email led to page which distributes a malware with the extension '.pif'.

The user suggested that BitStamp mailing list might be compromised by attackers.  The attackers also appear to have sent spam mail pretending to be from BTC Guild and Eobot.  

BitStamp confirmed to owner of BTC Guild 'Eleuthira' that its mailing list has been compromised by attackers.  The security breach was reportedly happened before two weeks.

Thousands of Sites Possibly Hacked by Exploiting Plesk Zero-Day

Researchers says thousands of sites being hacked each day and some believe that the phenomenon may have something to do with a zero-day vulnerability that affects Parallels’ Plesk Panel.

According to Brian Krebs, the exploit, which works for sites running Plesk 10.4.4 and earlier versions, is sold on underground hacking forums for the price of $8,000 (6,300 EUR) by a member that’s known for providing reliable “products.”

The author, who even made available a point-and-click tool, claims that the exploit can be successfully utilized to obtain administrator password.

A few days ago, SC Magazin cited Sucuri Malware Lab experts who uncovered that around 50,000 websites had been breached. Since many of them were using Plesk, it’s possible that the attackers leveraged this flaw to hack them.

Furthermore, the recent attacks that involved pseudo-randomly generated domains, might have had something to do with the security hole in Plesk Panel, as Denis Sinegubko explains on the Unmask Parasites blog.

In the meantime, Parallels’ representatives have received a lot of complaints regarding a possible new vulnerability in Plesk 10.4 and earlier versions.

“We are currently investigating this new reported vulnerability on Plesk 10.4 and earlier. At this time the claims are unsubstantiated. We have not received any claims to confirm this vulnerability,” reads the security advisory published by the company.

On the other hand, their forums are full of users who state that their sites have been hacked even with all the patches applied.

“We had changed all the passwords as per the KB, and in less than 24 hours they were back in again with the new passwords. They hacked Plesk again using all the newly generated passwords,” one user wrote.

Until new information regarding this potential zero-day becomes available, Parallels’ recommends user to update their installations to Plesk Panel 11, which comes with numerous improvements in the security section.

XBox Live(XBL) Accounts hacked to buy FIFA 12 packs

As per the eurogamer report, Xbox 360 owners account is hacked in order to buy FIFA ultimate Team content packs. 

One of victim Speedjack reported to Eurogamer first about the compromise , who on 11th October found his gamertag had been "recovered" to someone else's machine.

"I then find out that I've had 5000 then 500 MS points bought on my credit card. Better yet, all the points including the 120 I had already on my account are gone... all spent on FIFA 12 content packs yesterday afternoon while I was at work.

"Not only that, but my account now has 35 FIFA 12 achievement points on it!!! Never played the game in my life - hate football."  Speedjack spoke to Microsoft support, which suggested there exists an issue with EA's servers that leaves XBL accounts vulnerable.

There is also a similar report on forum Facepunch, and multiple users' reports on the forum.

In order to Investigate complaints ,Microsoft support freezed compromised accounts up to 30 days.

Firefox Russian Website hacked and defaced by T34M PakleetS website is hacked and defaced by T34M Pakleets.
This is what hacker said:
HackeD by T34M PakleetS

Everyday Someone Get Hacked Today is your Day

FirefoX ? O_o

Impossible only means it has not been done... Now watch what I can do

" Jus a Security Reminder"

KhantastiC HaXor - InnOcent HaCker

Th3 Vip3R - ReXor haXor

T34M PAKleetS
Defacement Screenshot: hacked Credit Card info of 30264 users Compromised is hacked using the SQL injection( =*** - shortened link!) Vulnerability.  He did this by his own admission, to protest against the sale of user data to a third party operator. So far, only censored excerpts from the database of all 30 264 users of were published. However, all data should be made public operators


Press Release from Freedom fights and the Green party hacked

@ForFreed0m has released a press release and dump of info from the Green Party in name of #antisec.

This is what they said:
To every man, woman & child… We want an end to the glamorization of negativity in the media. We want an end to status symbols dictating our worth as individuals.

We want a meaningful and free universal education system. We want substance in the place of popularity. We will not compromise who we are to be accepted by the crowd. We want the invisible walls that separate by wealth, race & class to be torn down. We want to think our own thoughts. We will be responsible for our environment.

Dear internetz, today we bring you our release from “Freedom Fighters”. I laugh at the New World Order trying to enslave us via the media and politicians lying, we want an end to the biased press whom want to destroy our freedoms via fear. Fear is the way how the globalist’s want to control us, controlling our laws and establishing a police state which is what we are fighting against. We want our god given rights on privacy and being able to use our founding laws to control the government, not the government controlling us. We don’t want the government to be groping us in airports, we don’t want the government to enforce statutes to support the bankers but not support the citizens, we want a free government who listens to the citizens of the situating country and not listen to the globalist’s. This is why humans have revolutions for example: Libya. The Libya citizens fought up against the regime because they thought they were being suppressed and cruelly controlled. That is because we are humans and not robots, good day to you.

Our twitter: @ForFreed0m GO THERE FOR UPDATES

The Release Details:-

Oh herro Green Party, we just hacked you #Antisec

FirstName LastName Address Address2 CityHome StateHome ZipHome Phone Ofice_Email Gender Ethnicity Sexuality Under30 Disabili Active

Good day ‘ole chaps


Pastebin Link: