Reborn LulzSec claims hack of dating site for military personnel
An announcement posted by hackers on Pastebin links to what it says are details of 163,792 MilitarySingles.com users
IDG News Service - A group of hackers claiming to be the reborn Lulz Security (LulzSec) took credit for an alleged compromise of MilitarySingles.com, a dating website for military personnel, and the leak of over 160,000 account details from its database.
The group announced the MilitarySingles.com hack on Twitter and Pastebin on Sunday, using the name "LulzSec Reborn" and ASCII art previously associated with LulzSec, the hacker group that apparently disbanded and merged with the Anonymous hacktivist collective last year.
The Pastebin post included links to RAR archives hosted on public file sharing websites that allegedly contain the names, usernames, e-mail addresses, IP addresses, and passwords of 163,792 MilitarySingles.com users. "There are emails such as @us.army.mil ; @carney.navy.mil ; @greatlakes.cnet.navy.mil ; @microsoft.com ; etc.," the group wrote.
Someone claiming to be the administrator of MilitarySingles.com posted a comment on databreaches.net after the site reported on the breach, saying that there is no evidence of a compromise.
The comment also suggested that ESingles, the company which runs the dating website, is nevertheless investigating the claims and taking the necessary security precautions.
The message annoyed members of "LulzSec Reborn" who, in response, called the administrator "stupid" and uploaded a "hacked by" page to the website in order to prove that they have access to it.
ESingles didn't immediately return a request for comment.
The directory in which the rogue page was uploaded is unprotected and appears to contain internal files associated with the site's content management software. If the credentials used for the database connection are available in one of those files, it would make stealing the user information fairly easy.
The original LulzSec hacker group took credit for many high-profile attacks during the spring of 2011. The FBI and other law enforcement agencies worldwide have since arrested several individuals believed to have been associated with the group. At the beginning of March it was revealed in official court records that LulzSec's alleged leader, a hacker known online as Sabu, has been working as a cooperating witness with the FBI since August 2011.
The rebirth of LulzSec seems to be the hacktivist community's response to Sabu's perceived betrayal of their cause and the arrests that resulted from his cooperation with the authorities. The LulzSec Reborn Twitter account was created on March 9 and was accompanied by videos posted on YouTube announcing the group's return on the hacking scene.
This isn't the only hack that Lulsec Reborn has claimed: On Monday, the group said it had compromised csscorp.com, the website of a San Jose-based information and communication technology company called CSS Corp.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts