Update (Apr 19^th 2009) - (Presumably) the hacker posted a comment to this story with some details. He says that the number of records leaking was much higher: 17,000 Aussies and 7,000 Kiwis. The rest we did not understand and hope that either he or any of you can clarify.

Read more...

---

Leakage of information from an energy company is usually associated with gas stations fraud such as installing a stealth credit card reader at the pump. However, a report suggests that an incident in which information about 4500 Australian and 1400 Kiwis leaked was a result of a glitch in a web based application for applying for a Shell fuel card. The information obtained included company names, address details, email addresses and some bank account details.

A report suggests that the UK retail site of the electronic equipment giant Panasonic was hacked and prices of products where set to pennies. Since the incident followed a layoff of 15,000 employees, it is assumed to be a disgruntled employees doing.

Ismael Valenzuela sent us a story about yet another malware through iFrame serving site. This time it is an official one, belonging to the Indian government official branch in Spain - it's embassy.

We can hardly include every malware service site in WHID, after all there are hundred of thousands, if not millions, of those. Why pick on the Indian embassy in Spain? One good reason is that we finally got in an input from a reader and wanted to honor the event and include the incident. But there is another more important reason.

First, hacked embassy sites are becoming a major issue which points to a much larger issue: cyber crime is endangering the Internet as we know it. While we come to rely on the web to provide us with all the information and services that we need, we do not have the tools to make it a safe place, and embassy web sites are a good example.

Practically the only way to provide sufficient security to a web site is not to have it in the first place. Instead small organizations must rely on the services of huge brokers, such as Amazon, eBay or Google sites. However not everyone can use this services. Embassies are a good example as they need to be "doubly localized" for both the originating and target countries which makes it nearly impossible to create a uniform service for them. Therefore even embassies of larger countries need to create small home made and insecure web sites, as they need to adjust their site content, language and site look to the local community served.

Thechnical analysis of the planted malware was done by Trend Micro.

I am not sure why rappers web presence is so often hacked. They might be the first generation of artists to use the web, brightly combining great Internet skills with technophobia which leads to basic operational errors. Or it might be the underground nature of the artists that (mis)manage their web presence by themselves.

Lil Kim is joining Soulja Boy in being cyber abuse, or so she claims, saying that a blog entry calling Naturi Naughton, the actress who portrays her in a new film, “tasteless and talentless.”, is a fake.

This is a first time a hacking report is a video flick. If, like me, you find it hard to understand, you can read a written summary on this Kiwi site. I guess that their readers also needed a translation of the speech in the video to English.

In a nutshell, hackers defaced Soulja Boy's MySpace page and published his e-mail and YouTube passwords on the net. They demanded $2,500 to give him his web presence back. For an artist that grew our of the Internet this presence is naturally very important, however he is now important enough that his record label was able to contact the different sites to get him his web properties back without paying the money.

In this case I have decided to categorize the attacked entity as Soulja Boy and not MySpace or YouTube, as I used to do in the past. The fact that the attack was against Soulja Boy properties around the web makes him, rather than any technology platform, the attack target.

It might have been a random hack, but the pornographic pictures splashed on an insider fashion industry blog where quickly blamed on the fashion icons and magazines offended by the blog.

While the Hannaford Breach which resulted in 4.2 stolen credit cards and 1800 known fraud cases may not be a web hack, a Computer World article mentioned that the company's web site was off line following the breach. Even if the breach itself was not a result of web site issues, such issues where probably found in the security review to follow the Breach making the incident a worthy addition to WHID.