Anonymous Hack Leads Breach Roundup
2.4 Million E-Mails Stolen; Social Media Site Resets PasswordsIn this week's breach roundup, Anonymous reports that it stole 2.4 million e-mails from Syria and provided them to whisteblowing organization WikiLeaks, and social media site Formspring is resetting all of its users' passwords after 420,000 password hashes were posted to a security forum.
See Also: Are You APT-Ready? The Role of Breach and Attack Simulation
Anonymous Claims Syrian E-Mail Breach
The hacktivist group Anonymous is taking credit for providing the whistleblower organization WikiLeaks with 2.4 million e-mails from Syria.
WikiLeaks began releasing the e-mail files on July 5, according to a press release posted by Anonymous. The information belonged to the Syrian regime of Bashar Al Assad and certain Syrian companies.
The release explains that on February 5, the Anonymous Op Syria team, along with groups Anonymous Syria, AntiSec and the Peoples Liberation Front, conducted a massive breach of "multiple domains and dozens of servers inside Syria."
Password Breach Hits Social Media Site
Social media site Formspring reset all its users' passwords after 420,000 password hashes were posted to a security forum following a breach.
The posting on the security forum didn't include usernames or any other identifying information, according to a message on the Formspring blog.
Formspring learned that someone had broken into one of the company's development servers and was able to use that access to extract account information from a production database.
Best Buy E-Mail Accounts Hacked
Best Buy is notifying some of its customers via e-mail that their customer account passwords have been disabled and need to be reset, according to MSNBC.
"We are currently investigating increased attempts by hackers around the world to access accounts on BestBuy.com and other online retailers' e-commerce sites," an e-mail obtained by MSNBC read. "These hackers did not take username/password combinations from any Best Buy system; they appear to be using combinations taken elsewhere in an attempt to gain access to BestBuy.com accounts."
Canadian University Sever Breached
British Columbia Institute of Technology has notified students, faculty and staff that a computer server containing personal medical information of 12,680 individuals was accessed by an unauthorized party.
Audit analysis by the school so far indicates that the unauthorized activity was limited to using the server for downloading and uploading foreign films, rather than accessing individuals' records, says Dave Pinton, the institute's director of communications.