Pierluigi Paganini
July 22, 2013
News of numerous and clamorous data breaches due cyber attacks is circulating on the internet, massive database from the Tango messenger server was hacked by the Syrian Electronic Army and a few hours after, same fate for the Ubuntu Forums that was also hacked exposing around 2 million user’s personal Information.
The figures are impressive, millions of personal data have been exposed, lets start to speak to what has happened to Ubuntuforums.org, the principal Ubuntu Forums website.
On the main page of the forum was posted an advisory that alerted Ubuntu users on a serious data breach that impacted near 2 million users
“There has been a security breach on the Ubuntu Forums,”
“The Canonical IS team is working hard as we speak to restore normal operations.” Was reported in the post on the main page.
The hackers obtained every user’s credentials, the passwords were encrypted, and email addresses from the Ubuntu Forums database and they also defaced the website signing the operation with Twitter account Sputn1k_.
Of course the response of the security team was immediate, Canonical requested to forum users to modify the password in case they have shared it for other web services.
“Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected by the breach,” company stated.
But hackers have caused others serious data breaches, the popular group Syrian Electronic Army (SEA), has claimed the responsibility for a cyber attack against the website of messaging application, Tango (tango.me) which manages hundreds of millions of electronic and voice data over the Internet.
The hackers spread on twitter the following message
“Sorry @TangoMe, We needed your database too, thank you for it! http://tango.me #SEA #SyrianElectronicArmy”.
In a post on their official website, hackers announced:
“The databases content a of millions of the app user’s phone numbers, contacts and their emails. More than 1.5 TB of the daily-backups of the servers network has been downloaded successfully“
The hackers also provided evidences of their attacks posting the screenshot of the backups folder of the Tango servers compromised.
The hackers exploited the outdated version of WordPress CMS to obtain unauthorized access to the database server. Just after the attack the website administrators redirected the visitors to a Tango Facebook page during necessary maintenance activities.
The hacker group Syrian Electronic Army is known for its support to Syrian Government, they also announced that data stolen from database will be provided to the Government.
The Syrian Electronic Army is considered one of most active group of hackers, recently it also broke broke into the database of the collaborative global phone directory Truecaller, also in this case the hackers exploited the outdated version of WordPress to access to company databases.
“The Syrian Electronic Army hacked the Truecaller (The global phone directory) website and database. The databases content a hundred of millions of phone numbers and its owners in addition of millions of Facebook/Twitter/Linkedin/Gmail accounts,” says a statement on the hacking groups website.
Despite the attacks described have different motivations these data breaches raise security questions on the level of security granted by principal service providers. These data breaches expose internet users to serious risks, data collected in fact could be provided to Government and intelligence agencies for further cyber attacks or could be sold on the underground market by cyber criminals to fuel other illegal activities.
Probably it’s time to request more guarantees on the security offered by service providers, I found not acceptable that million of records are stolen from a corporate database exploiting outdated softwares … in these cases there are serious and objective responsibility in the management of user’s information.
Pierluigi Paganini
(Security Affairs – Hacking, Tango, Data Breaches, UbuntuForums, Syrian Electronic Army)
