Unknown


Update (Apr 19th 2009) - (Presumably) the hacker posted a comment to this story with some details. He says that the number of records leaked was much higher: 17,000 Aussies and 7,000 Kiwis. The rest we did not understand and hope that either he or any of you can clarify.


Leakage of information from an energy company is usually associated with gas station fraud, such as installing a stealth credit card reader at the pump. However, a report suggests that an incident in which information about 4500 Australians and 1400 Kiwis leaked was the result of a glitch in a web-based application for applying for a Shell fuel card. The information obtained included company names, address details, email addresses and some bank account details.

This time we may need to remove the word "web", leaving this incident classified only as "application security". Spotify is a new radio-like music streaming service from Sweden. A weakness in Spotify's streaming protocols enables hackers to gain access to users' encrypted passwords, email address, birth date, gender, postal code and billing receipt.


A report suggests that the UK retail site of the electronic equipment giant Panasonic was hacked and prices of products were set to pennies. Since the incident followed a layoff of 15,000 employees, it is assumed to be a disgruntled employee's doing.


Zone-H Defaced

Whenever a defacement appears in WHID we need to explain why. After all, isn't Zone-H a better repository of simple defacements? Well, yes, but according to this report by The Register, this time it was Zone-H which was defaced.


It is Twitter again, it is a celebrity again. Why don't they keep their passwords to themselves? This incident is even uglier, as the attacker posted obscene content on the Twitter account of the 16-year-old actress Miley Cyrus. This is not the first attack targeting Miley Cyrus. As reported by WHID, her personal Gmail account was hacked last year and personal pictures were stolen and published online.


Ismael Valenzuela sent us a story about yet another site serving malware through an iFrame. This time it is an official one, belonging to the Indian government's official branch in Spain: its embassy.

We can hardly include every malware-serving site in WHID; after all, there are hundreds of thousands, if not millions, of those. Why pick on the Indian embassy in Spain? One good reason is that we finally got input from a reader and wanted to honor the event and include the incident. But there is another, more important reason.

First, hacked embassy sites are becoming a major issue which points to a much larger issue: cyber crime is endangering the Internet as we know it. While we come to rely on the web to provide us with all the information and services that we need, we do not have the tools to make it a safe place, and embassy web sites are a good example.

Practically the only way to provide sufficient security to a web site is not to have it in the first place. Instead, small organizations must rely on the services of huge brokers, such as Amazon, eBay or Google sites. However, not everyone can use these services. Embassies are a good example, as they need to be "doubly localized" for both the originating and target countries, which makes it nearly impossible to create a uniform service for them. Therefore even embassies of larger countries need to create small, homemade and insecure web sites, as they need to adjust their site content, language and site look to the local community served.

Technical analysis of the planted malware was done by Trend Micro.


I am not sure why rappers' web presence is so often hacked. They might be the first generation of artists to use the web, brightly combining great Internet skills with technophobia which leads to basic operational errors. Or it might be the underground nature of the artists that (mis)manage their web presence by themselves.

Lil Kim is joining Soulja Boy in being cyber abused, or so she claims, saying that a blog entry calling Naturi Naughton, the actress who portrays her in a new film, “tasteless and talentless” is a fake.


This is the first time a hacking report is a video flick. If, like me, you find it hard to understand, you can read a written summary on this Kiwi site. I guess that their readers also needed a translation of the speech in the video to English.

In a nutshell, hackers defaced Soulja Boy's MySpace page and published his e-mail and YouTube passwords on the net. They demanded $2,500 to give him his web presence back. For an artist that grew out of the Internet, this presence is naturally very important; however, he is now important enough that his record label was able to contact the different sites to get him his web properties back without paying the money.

In this case I have decided to categorize the attacked entity as Soulja Boy and not MySpace or YouTube, as I used to do in the past. The fact that the attack was against Soulja Boy's properties around the web makes him, rather than any technology platform, the attack target.


It might have been a random hack, but the pornographic pictures splashed on an insider fashion industry blog were quickly blamed on the fashion icons and magazines offended by the blog.


While the Hannaford breach, which resulted in 4.2 stolen credit cards and 1800 known fraud cases, may not be a web hack, a Computer World article mentioned that the company's web site was offline following the breach. Even if the breach itself was not a result of web site issues, such issues were probably found in the security review that followed the breach, making the incident a worthy addition to WHID.
