Establishing Digital Trust: Don't Sacrifice Security for Convenience
Hackers recently published thousands of plaintext passwords taken from the website of clothing company Billabong International.
"In a post, placed on a popular code sharing site, hackers claimed to have exposed the root information for Billabong's network, the usernames and passwords for its MySQL databases and information on over 21,000 user accounts," writes ZDNet's Michael Lee. "The user account information included email addresses and passwords, which were stored in plain text. The hackers claimed to have leaked 20,000 to 35,000 accounts, but the list, ordered alphabetically, stops mid-way, at email addresses beginning with 'marc.' Nevertheless, the information for a total of 21,435 users is now in the wild."
"The hackers behind the latest dump suggested they may have gained root access to the Billabong servers," writes Ars Technica's Dan Goodin. "The privileged access would have given them unfettered privileges to read, write, or delete files or install new applications. They didn't say how they penetrated the website's defenses."
In a statement to SC Magazine, the company said, "At this stage, we understand that the customer database contains personal information of certain customers of the website, but no financial data. We view this attack as an extremely serious matter and have taken urgent action to contain the incident and prevent further attacks occurring. We are continuing to gather information about the incident and to establish the extent and nature of the data that may have been accessed. We will take further appropriate measures as new information comes to light."