Modernizing Authentication — What It Takes to Transform Secure Access
The Unknowns recently breached Web sites belonging to the State of Rhode Island and the State of California.
In the Rhode Island breach, the hackers published the names of several databases along with sample data, writing, "Just protect your site, nothing else to say. I will forgive you this time; no sensitive data will be displayed ... The Unknowns are ready to help you if you want so, just contact us at: firstname.lastname@example.org."
The following day, the hackers breached the Web site of the California Department of Forestry and Fire Protection, publishing screenshots as well as user names and passwords. "From a table called bof.tbluser (bof probably stands for Board of Forestry) they’ve made available around a dozen usernames, clear-text passwords and user email addresses," writes Softpedia's Eduard Kovacs. "The same type and around the same quantity of data has been leaked from two other similar tables. One observation we must make is the fact that some of these accounts appear to have CMS (content management system) administrator rights. Lastly, The Unknowns have dumped what appear to be four credential sets that belong to the site’s administrators."
"The Unknowns first became known when they breached a number of high-profile Web sites," Kovacs notes in a separate article. "At the time, the list of targets included the car manufacturer Renault, Harvard University, French Ministry of Defense, European Space Agency, NASA’s Glen Research Center, the U.S. Air Force, Bahrain’s Ministry of Defense, and the Thai Royal Navy."