‘Tens of thousands’ of user accounts exposed - Security Bytes

IT Knowledge Exchange

Register

Forgot Password

Site FAQ

Advertisement

Home > IT Blogs > Security Bytes > ‘Tens of thousands’ of user accounts exposed

» VIEW ALL POSTS Oct 16 2007 8:55AM GMT

‘Tens of thousands’ of user accounts exposed

Posted by: Bill Brenner

Information Security Threats

Mikko Hypponen, director of antivirus research at F-Secure Corp., has a sobering blog posting this morning about an unknown group that publicly posted information about tens of thousands of user accounts.

Mikko writes: “A 4.5MB text file was uploaded to a Finnish website earlier today. The file contains usernames, e-mail addresses, passwords and uncracked password hashes of almost 79,000 user accounts. These accounts are mostly from different Finnish web forums. It’s quite trivial to find the correct password based on the password hash, assuming the password is “easy” and can be found from a password dictionary. The passlist.txt file claims that the hack was done by two Swedish hackers but this has already been disputed.”

He says this resembles an earlier incident six weeks ago in which Swedish hacker Dan Egerstad published hundred passwords to different embassies and government organisations. However, Mikko notes, in that case Egerstad stole the information by running rogue TOR exit node servers.

“In today’s case,” he writes, “the information has been stolen by unknown parties – most likely by hacking the servers of several Finnish Web forums. That’s pretty much the only way to gain access to the password hashes.”

Comment

RSS Feed

Comment on this Post

You must be logged-in to post a comment. Log-in/Register

John Metzner | Oct 24 2007 10:36AM GMT

Well check this out. It sounds like you are indeed looking for a new program that can help you get <b>Unified Client Security</b>. I’d try eEye before you try any other websites or companies. They’ve got some great free downloads and the antivirus software I’ve purchased from them has performed beyond my expectations and better than any of the other endpoint protection programs I’ve run.

If they don’t have anything that you like keep looking. It’s important to clean your hard drive out asap. Leaving those kinds of threats on your computer will seriously compromise your desktop security. After you get your drive clean make sure you have some sort of <a href="http://www.eeye.com/html/products/blink/index.html" rel="nofollow">intrusion prevention</a> running no matter what program you ultimately buy. This will help you keep out all the garbage that seems to come back. Good luck man, keep us posted!

Visit Information Security Home | Information Security News | Information Security White Papers | Information Security Videos | Information Security Resources

Ask an IT Question

About the Blogger

Robert Westervelt

Twitter.com/rwestervelt Rob is a news reporter and editor for SearchSecurity.com. Since joining TechTarget in July 2003, Rob has covered SAP, Oracle and the database industry for SearchDatabase.com, SearchSAP.com and SearchOracle.com. Prior to joining TechTarget, Rob was a newspaper reporter for five years at The Day in New London, Conn., where he wrote a variety of crime, general news, government and business stories while covering towns in Southeastern Connecticut. A military veteran, Rob served four years with the U.S. Air Force, U.S. Forces Police in Kaiserslautern Germany. He holds a degree in journalism from the University of Connecticut. READ MORE

>> READ MORE ABOUT THE BLOGGERS

Browse This Blog's Tags

Adobe Flash, Antivirus, antivirus software, Application Security, banking Trojan, cloud security services, Compliance, Conficker, cybersecurity coordinator, Data Breaches and Identity Theft, Data Breaches and Identity Theft, data security, DHS, federal cybersecurity, Firefox security, Identity and access management, Information Security Careers, Information Security Threats, Laws, Investigations and Ethics, malicious URLs, Microsoft Security, Microsoft Security Essentials, Mozilla security, Network Security, P2P, patch management, patching, PCI compliance, Phishing, Platform Security, Privacy, Project Minerva, ransomeware, risk, Rogue Antivirus, Security, security budgets, security jobs, Security Management, security research, Security Vendor News, shortened URLs, social engineering, social networking flaws, tokenization, Twitter security, Uncategorized, web application flaws, webmail security, Zeus Trojan

Security Wire Daily News

brought to you by SearchSecurity.com

Cost of security, IT management add up at healthcare facilities, study finds
Digitalizing healthcare records and new health systems fail to cut costs, according to new research from Harvard University. Security and other manage...READ MORE

Exploit code targets Internet Explorer zero-day display flaw
Exploit code is publically available targeting an Internet Explorer cascading style sheet (CSS) handling error, according to Symantec.

Increase in Gumblar backdoors poses FTP credential problems
Security Researcher explains how to detect the Trojan, but many victimized website owners don't have the technical expertise to fix the problem.

Hackers to sharpen malware, malicious software in 2010
Symantec researchers predict an increase in attacks using social network architectures, third-party applications and URL shortening services.

Health Net healthcare data breach affects1.5 million
A lost hard drive contained seven years of patient data including Social Security numbers and medical records of more than a million Health Net custom...READ MORE

Blog Roll

Help

Subscribe to Alerts

RSS feed of Security Bytes

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.

All Rights Reserved, Copyright 1999-2009, TechTarget | Read our Privacy Policy | Site Map

Podcast Powered by podPress (v8.8)