Sunday, December 20, 2009

RockYou Hacker – 30% of Sites Store Plain Text Passwords

RockYou Hacker – 30% of Sites Store Plain Text Passwords: "

In a chat lasting over an hour, we got to talk to a person claiming to be the infamous hacker behind RockYou’s latest data security woes.


While he claimed to have no animosity toward users, he had one clear message for websites: Take better care of your customers’ data. RockYou isn’t the only hacked site storing plain text login information, either.

What Happened


To bring us all up to date, here’s the gist of the story so far: The hacker, who we’ll call Tom (not his real name) for brevity’s sake, tells us that he used an SQL injection to gain direct access to RockYou’s database, where he found login information for more than 32 million user accounts. The data was all in plain text and contained third-party site logins, as well.


Tom sat on this information for a while. Although he’s posted about similar hacks in the past, he also claims to have exposed the same vulnerabilities and gained access to the same kind of data for many major U.S. sites. Tom wouldn’t reveal which sites he’d hacked, but he did say that he has no intention of using or publishing the data he’s unearthed.


But yesterday, incensed by this warning from an Internet security company and RockYou’s claims that only some accounts had been compromised by the security breach, Tom posted about the hack on his blog.


We (along with several of our peers) were tipped off to the situation via Twitter, and TechCrunch has since written two posts about the data breach.


Read more here.

"
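The "What Happened" section above names the two failures behind the breach: a SQL injection that gave direct read access to the database, and passwords stored as-is in that database. The following is an added example, written for this post and not code from the article, RockYou, or the interviewee, that puts the two side by side on a constructed in-memory SQLite table. The sample accounts and passwords are made up; the choice of PBKDF2-HMAC-SHA256 with a per-user salt, and the iteration count, are the editor's assumptions about a reasonable storage scheme, not anything the article specifies.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts for the demonstration (not RockYou data).
SAMPLE_USERS = [
    ("alice", "correct horse battery staple"),
    ("bob", "hunter2"),
]

# Assumed work factor for PBKDF2-HMAC-SHA256; a deployment would tune this.
PBKDF2_ITERATIONS = 600_000


def setup_plaintext_db():
    """The pattern the article describes: passwords stored verbatim."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def vulnerable_login(conn, username, password):
    """Query built by string formatting: attacker input is parsed as SQL."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None


def hash_password(password, salt=None):
    """Salted PBKDF2 digest; a fresh random salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return salt, digest


def setup_hashed_db():
    """Same accounts, but only salt and digest reach the table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, "
                 "salt BLOB, pw_hash BLOB)")
    for user, pw in SAMPLE_USERS:
        salt, digest = hash_password(pw)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (user, salt, digest))
    return conn


def hardened_login(conn, username, password):
    """Parameterised lookup, then a constant-time compare of the recomputed digest."""
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def dump_table(conn):
    """What an attacker with read access to the table obtains."""
    cols = [c[1] for c in conn.execute("PRAGMA table_info(users)")]
    rows = conn.execute("SELECT * FROM users ORDER BY username").fetchall()
    return cols, rows


def leaked_passwords(rows):
    """Sample passwords that appear verbatim anywhere in a dumped table."""
    blob = " ".join(str(value) for row in rows for value in row)
    return [pw for _, pw in SAMPLE_USERS if pw in blob]


def demo():
    """Run both designs against a correct password and an injection payload."""
    payload = "' OR '1'='1"
    weak, strong = setup_plaintext_db(), setup_hashed_db()
    return {
        "weak_accepts_real_password": vulnerable_login(weak, "alice", SAMPLE_USERS[0][1]),
        "weak_accepts_injection": vulnerable_login(weak, "alice", payload),
        "weak_dump_leaks": leaked_passwords(dump_table(weak)[1]),
        "strong_accepts_real_password": hardened_login(strong, "alice", SAMPLE_USERS[0][1]),
        "strong_accepts_injection": hardened_login(strong, "alice", payload),
        "strong_dump_leaks": leaked_passwords(dump_table(strong)[1]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two halves fail independently: parameterising the query stops the `' OR '1'='1` bypass, but it does nothing for a dump obtained some other way, which is why the hashed schema matters even once the injection is fixed. Conversely, hashing alone would not have stopped the login bypass. A hashed table still leaks weak passwords to offline guessing, so the work factor is what buys time after a breach.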
