From July 4th until about a week ago, Russian-speaking hackers have breached 97 websites, stealing login credentials, lists of unencrypted passwords, and a list of websites and their software vulnerabilities.
A majority of the websites have been niche dating sites (though they are not responsible for the Ashley Madison intrusion), however, a few have been job-related sites says Hold Security, a company specializing in analyzing data breaches)
Alex Holden, founder and CTO of Hold Security, states that large amounts of stolen information were found by the company’s analysts on a server that, for some reason, was not password protected. Along with this, Hold Security says that it comes across such stolen data repositories frequently in research, but doesn’t have the resources to contact every company named.
Hold Security specializes in informing companies when their data turns up as an offer in underground markets, and said it doesn’t appear the hackers have tried to sell any data.
The hackers essentially “are doing what security auditors would,” by probing websites for weaknesses, he said.
In many cases, his analysts have confirmed the software vulnerabilities being claimed by the hackers. SQL injection flaws are database flaws that, if exploited, give hackers the potential to access other information stored in the systems, which is a vulnerability that a lot of these websites have.
It doesn’t seem that these hackers have the same intentions as the Impact Team invading AshleyMadison, where personal information like birth dates, dating preferences, and GPS data of users were all dumped to the public, leading to many users receiving extortion attempts over email.
As hackers managed to breach 97 websites within 8 weeks, it’s time to start preparing to defend your site against attack. Here’s a few tips:
- Make sure software stays up-to-date including the server operating system and any software running on the website.
- Install SSL encryption immediately to encrypt and protect communications between the browser and the website server.
- Use a web application firewall to inspect incoming traffic, eliminate malicious and/or dangerous requests, and protect against attacks.
However, usernames, emails, and passwords are extremely useful for hackers. Although it doesn’t appear that they’ve stolen any more sensitive data, and they don’t seem to be selling the data that they do have, it is still unclear what these hackers plan to do. Contact us at (310) 893-0878 or send us an email at [email protected] for more information.