Tag Archives: Hacker

Internet Archive Hacked, Data Breach Impacts 31 Million Users



Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records, BleepingComputer reported.

News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of a catastrophic security breach? It just happened. See 31 million of you on HIBP!,” reads a JavaScript alert shown on the compromised archive.org site.

The text “HIBP” refers to the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.

Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and it is a 6.4GB SQL file named “ia_users.sql.” The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.
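A worked example of the mechanism behind the “See 31 million of you on HIBP” taunt, added here and not part of the BleepingComputer report or of Have I Been Pwned’s own code: the Pwned Passwords side of HIBP lets a client check a password against the breach corpus by sending only the first five hex characters of its SHA-1 hash to https://api.pwnedpasswords.com/range/{prefix} and matching the remaining 35 characters locally (the k-anonymity model), so the password itself never leaves the machine. The FAKE_CORPUS, its counts, and the fake_range_endpoint function below are constructed stand-ins for the real service, which returns hundreds of suffixes per prefix; nothing here touches the network.

```python
import hashlib


def sha1_upper_hex(password):
    """SHA-1 of the UTF-8 password as upper-case hex, the form Pwned Passwords uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_query_parts(password):
    """Split the hash into the 5-char prefix that is sent and the 35-char suffix kept local."""
    digest = sha1_upper_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse a range response ("SUFFIX:COUNT" per line, CRLF separated) into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password, range_body):
    """How many times the password appears in the corpus, 0 if the suffix is absent."""
    _, suffix = range_query_parts(password)
    return parse_range_response(range_body).get(suffix, 0)


# Constructed corpus standing in for the real service; the counts are made up.
FAKE_CORPUS = {"password": 3730471, "letmein": 1203, "Password1": 42}


def fake_range_endpoint(prefix):
    """Simulate GET /range/<prefix>: every suffix whose full hash starts with <prefix>.

    Only the prefix reaches the server, so it cannot tell which of the returned
    suffixes (if any) the client was interested in.
    """
    lines = []
    for pw, count in FAKE_CORPUS.items():
        pw_prefix, pw_suffix = range_query_parts(pw)
        if pw_prefix == prefix:
            lines.append(f"{pw_suffix}:{count}")
    return "\r\n".join(lines)


def check_password_offline(password):
    """Full client flow against the constructed endpoint: split, query by prefix, match locally."""
    prefix, _ = range_query_parts(password)
    return pwned_count(password, fake_range_endpoint(prefix))


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        prefix, _ = range_query_parts(candidate)
        hits = check_password_offline(candidate)
        print(f"sent prefix {prefix}: {'seen %d times' % hits if hits else 'not in corpus'}")
```

The leaked Internet Archive hashes are Bcrypt, which makes bulk cracking slow rather than impossible, so anyone who reused their archive.org password elsewhere should treat it as known and rotate it; the check above is how to confirm a candidate password is already public without handing it to a third party.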

The Verge reported: When visiting The Internet Archive (www.archive.org) on Wednesday afternoon, The Verge was greeted with a pop-up claiming the site had been hacked. Just after 9PM ET, Internet Archive founder Brewster Kahle confirmed the breach and said the website had been defaced with the notification via a JavaScript library.

According to The Verge, a tweet from HIBP said 54 percent of the accounts were already in its database from previous breaches. In posts on his account, Hunt gave further details on the timeline, including contacting the Internet Archive about the breach on October 6th and moving forward with the disclosure process today, when the site was defaced and DDoSed at the same time HIBP was loading the data to begin notifying affected users.

TechCrunch reported: Have I Been Pwned (HIBP), a data breach notification site, later confirmed the breach, saying that 31 million unique email addresses and usernames were stolen; so did Brewster Kahle, the self-described digital librarian who founded the Internet Archive in 1996.

Indeed, after what may or may not be a related distributed denial-of-service attack on the service (a hacktivist group claimed responsibility for one but not the other), Kahle on Wednesday night suggested there could be more to come. The organization has “fended off” the DDoS attack “for now,” scrubbed its systems, and upgraded its security, he wrote on X. “Will share more as we know it.”

In my opinion, there is no good reason to collect user data from the Internet Archive, no matter what. The hacker is either having a laugh at being able to steal other people’s data, or simply wants attention.


New York Times Source Code Stolen From Exposed GitHub Token



Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company’s GitHub repositories in January 2024, The Times confirmed to BleepingComputer.

As first seen by VX-Underground, the internal data was leaked on Thursday by an anonymous user who posted a torrent to a 273GB archive containing the stolen data.

“Basically all source code belonging to The New York Times Company, 270GB,” reads the 4chan forum post. “There are around 5 thousand repos (out of them less than 30 are additionally encrypted I think), 3.6 million files total, uncompressed tar.”

In a statement to BleepingComputer, The Times said the breach occurred in January 2024 after credentials for a cloud-based third-party code platform were exposed. A subsequent email confirmed this code platform was GitHub.

“The underlying event related to yesterday’s posting occurred in January 2024 when a credential to a cloud-based third-party code platform was inadvertently made available. The issue was quickly identified and we took appropriate measures in response at the time. There is no indication of unauthorized access to Times-owned systems nor impact to our operations related to this event. Our security measures include continuous monitoring for anomalous activity” – The New York Times
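The Times describes the root cause as a GitHub credential that was “inadvertently made available”. The usual way that happens is a token committed to a repository or left in a config file, and the standard control is a scanner that refuses the commit. The scanner below is an added example, not code from The New York Times or GitHub: it matches GitHub’s published token shapes (classic “ghp_” tokens, fine-grained “github_pat_” tokens and the “gho_/ghu_/ghs_/ghr_” app and OAuth tokens, lengths assumed from those formats) and uses a Shannon-entropy threshold to skip documentation placeholders such as “ghp_xxxx…”. The SAMPLE_FILES tree and every token in it are constructed; none is a valid credential.

```python
import math
import re
from dataclasses import dataclass

# Token shapes assumed from GitHub's published prefixes: classic PATs are "ghp_" + 36
# characters, fine-grained PATs are "github_pat_" + 22 + "_" + 59, and the OAuth / app
# tokens use "gho_", "ghu_", "ghs_", "ghr_" + 36. Adjust if GitHub changes its formats.
TOKEN_PATTERNS = {
    "github_classic_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "github_fine_grained_pat": re.compile(r"\bgithub_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}\b"),
    "github_app_or_oauth_token": re.compile(r"\bgh[osur]_[A-Za-z0-9]{36}\b"),
}

# Assumed threshold: random token bodies score roughly 5 bits per character, placeholders
# such as "ghp_xxxx..." score near 0, so 3.0 separates them without per-pattern tuning.
MIN_ENTROPY_BITS = 3.0


@dataclass
class Finding:
    path: str
    line: int
    kind: str
    redacted: str


def shannon_entropy(s):
    """Bits of entropy per character of s, estimated from its own character frequencies."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(token):
    """Keep enough of the token to locate it in the file, never enough to use it."""
    return token[:8] + "*" * (len(token) - 8)


def scan_text(path, text):
    """Return a Finding for every high-entropy token match; placeholders are skipped."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in TOKEN_PATTERNS.items():
            for match in pattern.finditer(line):
                token = match.group(0)
                body = token.split("_", 1)[1]  # drop the fixed prefix before measuring
                if shannon_entropy(body) < MIN_ENTROPY_BITS:
                    continue  # documentation placeholder, not a live credential
                findings.append(Finding(path, lineno, kind, redact(token)))
    return findings


def scan_tree(files):
    """files is {path: contents}; in a pre-commit hook this would be the staged files."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


# Constructed sample repository. The tokens only match the shape of real ones.
SAMPLE_FILES = {
    ".env": "GITHUB_TOKEN=ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8\n",
    "README.md": "export GITHUB_TOKEN=ghp_" + "x" * 36 + "   # placeholder, use your own\n",
    ".github/workflows/deploy.yml": (
        "env:\n"
        "  TOKEN: github_pat_11ABCDEFG0abcdefghijkl_"
        "Zz9Yy8Xx7Ww6Vv5Uu4Tt3Ss2Rr1Qq0Pp9Oo8Nn7Mm6Ll5Kk4Jj3Ii2Hh1Gg\n"
    ),
}

if __name__ == "__main__":
    for f in scan_tree(SAMPLE_FILES):
        print(f"{f.path}:{f.line}: {f.kind} {f.redacted}")
```

Run as a pre-commit hook, a non-empty result blocks the commit; the redacted form is what goes into the hook’s output and any ticket, so the scanner itself never re-leaks the secret. A scanner is the cheap control; the one that limits damage once a token does leak is scoping it (fine-grained tokens bound to specific repositories and permissions, with an expiry) so that one exposed credential cannot read “basically all source code”.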

Mashable reported that the controversial image board 4chan is back in the news this week after two big data dumps were posted on the site.

Now, it appears that the New York Times Company is the largest establishment to have its data leaked on 4chan over the past week. The data allegedly includes source code to its viral Wordle game.

Mashable reported that X user @vxunderground appears to be the first to notice that 270GB of internal data connected to the New York Times was posted online. The data contains the company’s internal source code and consists of more than 5,000 source code repositories. The leak is made up of a total of roughly 3,600,000 files.

According to a text file shared by the hacker, 6,223 folders were stolen from the New York Times’ GitHub repository. This includes internal company IT documents and source code, which includes the popular word game that the Times acquired in 2022, Wordle.

The Register reported a 4chan user claims to have leaked 270GB of internal New York Times data, including source code and other web assets, via the notorious image board.

According to the unnamed netizen, the information includes, “basically all source code belonging to The New York Times Company,” amounting to roughly 5,000 repositories and 3.6 million files now available for download from peer-to-peer networks. Details on how to get the files were shared by the poster on 4chan.

Of the files listed – whose names indicate everything from blueprints to Wordle to email marketing campaigns and ad reports — “less than 30” repositories are “encrypted,” the 4channer claimed. Again, take this with a healthy dose of salt considering the source — an unnamed 4chan user.

In my opinion, stealing files and data from a large company’s GitHub is not a good idea. It is entirely possible that the New York Times may have already hired someone to find the hacker who did this.


An 18-Year-Old Hacker Sentenced To An Indefinite Hospital Order



An 18-year-old hacker who leaked clips of a forthcoming Grand Theft Auto (GTA) game has been sentenced to an indefinite hospital order, BBC reported.

Arion Kurtaj from Oxford, who is autistic, was a key member of international gang Lapsus$. The gang’s attacks on tech giants including Uber, Nvidia, and Rockstar Games cost the firms nearly $10m. 

According to the BBC, the judge said Kurtaj’s skills and desire to commit cyber-crime meant he remained a high risk to the public. He will remain at a secure hospital for life unless doctors deem him no longer a danger. 

The court heard that Kurtaj had been violent while in custody with dozens of reports of injury or property damage. Doctors deemed Kurtaj unfit to stand trial due to his acute autism so the jury was asked to determine whether or not he committed the alleged acts – not if he did so with criminal intent.

A mental health assessment used as part of the sentencing hearing said he “continued to express the intent to return to cyber-crime as soon as possible. He is highly motivated.”

The jury was told that while he was on bail for hacking Nvidia and BT/EE and in police protection at a Travelodge hotel, he continued hacking and carried out his most infamous hack. Despite having his laptop confiscated, Kurtaj managed to breach Rockstar, the company behind GTA, using an Amazon Firestick, his hotel TV and a mobile phone.

The Verge reported that the 18-year-old Lapsus$ hacker who played a critical role in leaking Grand Theft Auto VI footage has been sentenced to life inside a hospital prison, according to the BBC. A British Judge ruled on Thursday that Arion Kurtaj is a high risk to the public because he still wants to commit cybercrimes.

According to The Verge, a mental health assessment found that Kurtaj “continued to express the intent to return to cybercrime as soon as possible.” He’s required to stay in the hospital prison for life unless doctors determine that he’s no longer a danger.

Another 17-year-old involved with Lapsus$ was handed an 18-month community sentence, called a Youth Rehabilitation Order, and a ban from using virtual private networks.

While Kurtaj’s defense asked the judge to take the GTA VI trailer’s success into account during the sentencing, the BBC says the judge argued that real companies and people were hurt by Lapsus$. Rockstar Games said it spent $5 million recovering from the attack.

Polygon reported that nearly an hour’s worth of footage was published on a Grand Theft Auto forum. The footage confirmed a Bloomberg report that said the game would be set in fictionalized Miami, better known as Vice City in the franchise, and feature a playable female character. GTA 6’s first trailer revealed that this character is called Lucia, and paired up with another lead named Jason.

In my opinion, it is never a good idea to hack information from big companies. Hackers who get caught tend to face big legal issues, and that could become a huge problem for those in the Lapsus$ gang.



23andMe Says Is Aware Of User Data Leak



23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack, BleepingComputer reported.

23andMe is a U.S. biotechnology and genomics firm offering genetic testing services to customers who send a saliva sample to its labs and get back an ancestry and genetic predispositions report.

Recently, a threat actor leaked samples of data that was allegedly stolen from a genetics firm and, a few days later, offered to sell data packs belonging to 23andMe customers.

The initial attack was limited, with the threat actor releasing 1 million lines of data for Ashkenazi people. However, on October 4, the threat actor offered to sell data profiles in bulk for $1-$10 per 23andMe account, depending on how many were purchased.

A 23andMe spokesperson confirmed that the data is legitimate and told BleepingComputer that the threat actors used exposed credentials from other breaches to access 23andMe accounts and steal the sensitive data.

“We were made aware that certain 23andMe customer profile information was compiled through access to individual 23andMe.com accounts,” stated 23andMe’s spokesperson.

“We do not have any indication at this time that there has been a data security incident within our systems.”

“Rather, the preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials.”
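Credential stuffing has a recognisable shape in authentication logs that is different from both normal logins and classic password guessing: a source tries many distinct accounts, usually once each, most attempts fail because the recycled password no longer works, and a minority succeed. The detector below is an added example, not 23andMe’s code or anything described in their statement; the log format, the thresholds and the SAMPLE_LOG lines are all constructed. It classifies each source IP and lists the accounts a stuffing source actually got into, which is the set that needs to be locked and reset.

```python
import re
from collections import defaultdict

# Assumed log format: "<timestamp> <source-ip> <account> <OK|FAIL>", one attempt per line.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<user>\S+)\s+(?P<result>OK|FAIL)$")

# Assumed thresholds; tune them against a baseline of your own traffic.
MIN_ATTEMPTS = 5                # fewer attempts than this is too little to classify
STUFFING_DISTINCT_RATIO = 0.8   # nearly every attempt targets a different account
STUFFING_FAIL_RATIO = 0.5       # most recycled passwords no longer work, some still do
BRUTE_FORCE_FAIL_RATIO = 0.8    # one account, many guesses, almost all wrong

# Constructed sample: one stuffing source, one legitimate user who mistyped twice,
# one single-account brute-force source. Addresses are from documentation ranges.
SAMPLE_LOG = """\
2023-10-01T10:00:01Z 203.0.113.7 alice@example.com FAIL
2023-10-01T10:00:02Z 203.0.113.7 bob@example.com FAIL
2023-10-01T10:00:02Z 203.0.113.7 carol@example.com OK
2023-10-01T10:00:03Z 203.0.113.7 dave@example.com FAIL
2023-10-01T10:00:03Z 203.0.113.7 erin@example.com FAIL
2023-10-01T10:00:04Z 203.0.113.7 frank@example.com FAIL
2023-10-01T10:00:04Z 203.0.113.7 grace@example.com OK
2023-10-01T10:00:05Z 203.0.113.7 heidi@example.com FAIL
2023-10-01T10:05:00Z 198.51.100.2 bob@example.com FAIL
2023-10-01T10:05:20Z 198.51.100.2 bob@example.com FAIL
2023-10-01T10:05:41Z 198.51.100.2 bob@example.com OK
2023-10-01T10:07:00Z 192.0.2.9 ivan@example.com FAIL
2023-10-01T10:07:01Z 192.0.2.9 ivan@example.com FAIL
2023-10-01T10:07:02Z 192.0.2.9 ivan@example.com FAIL
2023-10-01T10:07:03Z 192.0.2.9 ivan@example.com FAIL
2023-10-01T10:07:04Z 192.0.2.9 ivan@example.com FAIL
2023-10-01T10:07:05Z 192.0.2.9 ivan@example.com FAIL
"""


def parse_auth_log(text):
    """Return one dict per well-formed line; malformed lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify_sources(events):
    """Aggregate attempts per source IP and label each source."""
    per_ip = defaultdict(lambda: {"attempts": 0, "failures": 0, "users": set(), "ok": []})
    for e in events:
        rec = per_ip[e["ip"]]
        rec["attempts"] += 1
        rec["users"].add(e["user"])
        if e["result"] == "FAIL":
            rec["failures"] += 1
        else:
            rec["ok"].append(e["user"])

    report = {}
    for ip, rec in per_ip.items():
        attempts = rec["attempts"]
        distinct = len(rec["users"])
        fail_ratio = rec["failures"] / attempts
        if attempts < MIN_ATTEMPTS:
            label = "benign"
        elif distinct / attempts >= STUFFING_DISTINCT_RATIO and fail_ratio >= STUFFING_FAIL_RATIO:
            label = "credential_stuffing"
        elif distinct == 1 and fail_ratio >= BRUTE_FORCE_FAIL_RATIO:
            label = "password_brute_force"
        else:
            label = "review"
        report[ip] = {
            "label": label,
            "attempts": attempts,
            "distinct_users": distinct,
            "failures": rec["failures"],
            # successful logins from a stuffing source are compromised accounts
            "compromised": sorted(rec["ok"]) if label == "credential_stuffing" else [],
        }
    return report


def accounts_to_reset(report):
    """Every account a stuffing source logged into, across all sources."""
    return sorted({u for r in report.values() for u in r["compromised"]})


if __name__ == "__main__":
    report = classify_sources(parse_auth_log(SAMPLE_LOG))
    for ip, r in report.items():
        print(ip, r["label"], r["attempts"], r["distinct_users"], r["failures"])
    print("reset:", accounts_to_reset(report))
```

Two caveats for anyone adapting this. First, a real stuffing campaign is spread over many proxy addresses, so the aggregation key should be something like IP plus user-agent and the window should be short rather than the whole file; per-IP counts alone will miss a slow, distributed run. Second, in the 23andMe case the damage was not limited to the accounts logged into: each compromised account that had opted into DNA Relatives exposed the profiles of its matches as well, so the reset list above is the starting point for impact analysis, not the end of it.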

The Record reported a data scraping incident resulted in hackers gaining access to sensitive user information and selling it on the dark web.

The information of nearly 7 million 23andMe users was offered for sale on a cybercriminal forum this week. The information included origin estimation, phenotype, health information, photos, identification data and more. 23andMe processes saliva samples submitted by customers to determine their ancestry.

The company later said that it was aware that certain 23andMe customer profile information was compiled through unauthorized access to individual accounts that were signed up for the DNA Relatives feature – which allows users to opt in for the company to show them potential matches for relatives.

According to The Record, a researcher downloaded two files from the BreachForums post and found one that had information on 1 million 23andMe users of Ashkenazi heritage. The other file included data on more than 300,000 users of Chinese heritage.

The data included profile and account ID numbers, names, gender, birth year, maternal and paternal genetic markers, ancestral heritage results, and data on whether or not each user had opted into 23andMe’s health data.

Personally, I don’t have any interest in submitting my DNA to any genetics company. That said, I find it extremely troubling that the hackers sought out data from Ashkenazi people and people of Chinese heritage who used 23andMe.


Experts Warn of New Spyware Threat Targeting Journalists



Security experts have warned about the emergence of previously unknown spyware with hacking abilities comparable to NSO Group’s Pegasus that has already been used by clients to target journalists, political opposition figures, and an employee of an NGO, The Guardian reported. 

Researchers at the Citizen Lab at the University of Toronto’s Munk School said the spyware, which is made by an Israeli company called QuaDream, infected some victims’ phones by sending an iCloud calendar invite to mobile users from operators of the spyware, who are likely to be government clients. Victims were not notified of the calendar invitations because they were sent for events logged in the past, making them invisible to the targets of the hacking. Such attacks are known as “zero-click” because users of the mobile phone do not have to click on any malicious link or take any action in order to be infected.

According to the Citizen Lab report, the hacking tool is marketed by QuaDream under the name Reign. The hacking attacks that have been discovered occurred between 2019 and 2021.

The research underscores that, even as NSO Group, the maker of one of the world’s most sophisticated cyber weapons, has faced intense scrutiny and been blacklisted by the Biden administration, probably curtailing its access to new customers, the threat posed by similar and highly sophisticated hacking tools continues to proliferate.

Microsoft posted information titled: “Standing up for democratic values and protecting stability of cyberspace: Principles to limit the threats posed by cyber mercenaries”. From the information:

The explosive growth of private “cyber mercenary” companies poses a threat to democracy and human rights around the world. Cyber mercenaries – private companies dedicated to developing, selling, and supporting offensive cyber capabilities that enable their clients to spy on the networks, computers, phones, or internet-connected devices of their targets – are a real cause for concern. These tools have been used to target elections, journalists, and human rights defenders and are increasingly accessible on the open market, enabling malicious actors to undermine our key democratic institutions.

At Microsoft, we believe that digital technology has incredible potential to improve lives across the world, support democracy, and protect and promote human rights. That is why, at the second Summit for Democracy, we were proud to join the international coalition of over 150 companies that make up the Cybersecurity Tech Accord individually and collectively pushing back on the cyber mercenary market by committing to a set of industry principles. 

Our collective commitment to limiting the threats posed by cyber mercenaries:

  • Take steps to counter cyber mercenaries’ use of products and services to harm people;
  • Identify ways to actively counter the cyber mercenary market;
  • Invest in cybersecurity awareness of customers, users, and the general public;
  • Protect customers and users by maintaining the integrity and security of products and services;
  • Develop processes for handling valid legal requests for information.

Personally, I don’t see why cyber mercenaries need to exist at all. These groups do not have the right to hack into other people’s phones. If you haven’t updated your iOS devices in a while – now is a great time to do it.


Hacking Forum Shuts Down After Administrator Gets Arrested



Last week, the FBI arrested a man alleged to be “Pompompurin,” the administrator of the infamous and popular BreachForums, TechCrunch reported. Days after the arrest, the cybercrime website’s new administrator announced that they are shutting down the forum for good.

“Please consider this the final update for Breached,” the new admin, known as “Baphomet,” wrote in the official Telegram channel. “I will be taking down the forum, as I believe we can assume that nothing is safe anymore. I know that everyone wants the forum up, but there is no value in short term gain for what will likely be a long term loss by propping up Breached as it is.”

The new administrator Baphomet did not respond to TechCrunch’s request for comment.

According to TechCrunch, the apparent end of BreachForums comes roughly a year after a coalition of international law enforcement agencies led by the U.S. Department of Justice seized RaidForums, another notorious cybercrime forum where hacked databases would be advertised and sold. BreachForums was born in the aftermath of RaidForums’ demise, and served pretty much the same purpose and audience.

The Record reported that a hacker going by the name “Baphomet” initially said they were working through an emergency plan for the forum after the arrest of 21-year-old Conor Brian Fitzpatrick at his home last Wednesday. In court documents, Fitzpatrick is alleged to be the hacker known as pompompurin – the leading administrator of BreachForums.

The Record also reported an update was posted on Tuesday, the new administrator taking over BreachForums said they now plan to shut down the platform entirely.

Baphomet wrote that someone was able to access the backend of the platform through pompompurin’s account on Sunday afternoon, leading them to believe law enforcement may have access to the site’s source code and information about the forum’s users.

According to The Record, Baphomet wrote: “This will be my final update on Breached, as I’ve decided to shut it down. I’m aware this news will not please anyone, but it’s the only safe decision now that I’ve confirmed that the glowies likely have access to Poms machine,” the hacker said.

The Record also reported that BreachForums became the go-to site for cybercriminals to sell stolen data and market troves of information leaked during hacks and attacks. The forum was most recently in the news after hackers posted data stolen from Washington, D.C.’s healthcare exchange platform on the site, including the sensitive information of Congress members and staff.

CNBC reported on March 21, at least 17 current or former members of Congress had personal information exposed in the hack of the District of Columbia health insurance data system, according to a top Democrat investigating the matter. And that number is expected to rise, he said. According to multiple reports, the breach might have impacted more than 56,000 people.

In my opinion, hackers cause problems for everyone – including themselves. They run the risk of going to jail due to their decision to grab data that does not belong to them. It is good that BreachForums is going down.


Europol Announced the Arrest of Two Ransomware Hackers



Europol announced in a press release that a coordinated strike between several law enforcement agencies resulted in the arrest in Ukraine of “two prolific ransomware operators known for their extortionate demands (between €5 and €70 million)”.

The law enforcement groups involved included the French National Gendarmerie, the Ukrainian National Police Force, and the United States Federal Bureau of Investigation, with the coordination of Europol and INTERPOL.

According to Europol, the results of this included: 2 arrests and 7 property searches; seizure of US $375,000 in cash; seizure of two luxury vehicles worth €217,000 and asset freezing of $1.3 million in cryptocurrencies.

From the Europol press release:

The organized crime group is suspected of having committed a string of targeted attacks against very large industrial groups in Europe and North America from April 2020 onwards. The criminals would deploy malware and steal sensitive data from these companies, before encrypting their files.

They would then proceed to offer a decryption key in return for a ransom payment of several millions of euros, threatening to leak the stolen data on the dark web should their demands not be met.

The Record reported the arrests of the two members of a ransomware gang took place on September 28, in Kyiv, Ukraine’s capital. Of the two suspects who were arrested, one is a 25-year-old believed to be a crucial member of a large ransomware operation.

The names of the two suspects who were arrested have not been released. The Record reported that officials declined to name the suspects’ affiliation to any particular ransomware gang, citing an ongoing investigation. That information came from a Europol spokesperson.

It seems to me that this investigation is just beginning, and that Europol (and the rest of the assisting law enforcement agencies) are intending to continue their efforts. If the agencies are able to determine who else was involved in these crimes, I hope that those people face whatever legal consequences are appropriate.