[pchelpers] News:Hacker Steals Data on 18M Auction Customers in South Korea
- From: John Durham <john.modec@xxxxxxxxxx>
- To: PC-Helpers <pchelpers@xxxxxxxxxxxxx>
- Date: Wed, 27 Feb 2008 13:23:38 +1300
Chinese attacker asks for ransom on data, reports say
FEBRUARY 26, 2008 | 4:53 PM
By Tim Wilson
Site Editor, Dark Reading
South Korea’s largest online shopping site earlier this month was
attacked by a Chinese hacker who made off with the user information on
18 million members and a large amount of financial data.
According to reports on Hack in the Box and the Web Application Security
Consortium Incident Report, Auction.co.kr has disclosed the theft of
data from some 18 million buyers and sellers.
The attack was launched from China's internet. After the incident,
Auction.co.kr received a phone call offering to exchange the user
information for money, the reports said.
According to a report on Dark Visitor, a security blog site, the Chinese
hacker did not directly attack the server. The hacker sent out bulk
emailings to the auction staff containing “hacker procedures" that may
have contained malware. When the staff members confirmed the emails, the
hacker was able to gain their IDs. The hacker was then able to log into
the Auction server using the staffer’s ID.
The WASC report categorizes the exploit as a cross-site request forgery
attack. "The attack description is vague, but can be best described as
session hijacking," the organization said.
Auction.co.kr waited 20 hours after the attack before confirming the
loss of information, according to the Korean site Hackbase.com. Korean
users rebuked the Website for being too slow to act, the reports said.
More here:
http://www.darkreading.com/document.asp?doc_id=147007
--
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.
--
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.
- Follow-Ups:
- [pchelpers] Re: News:Hacker Steals Data on 18M Auction Customers in South Korea
- From: Jackie MacWhirter
Other related posts:
- » [pchelpers] News:Hacker Steals Data on 18M Auction Customers in South Korea
- » [pchelpers] Re: News:Hacker Steals Data on 18M Auction Customers in South Korea
- [pchelpers] Re: News:Hacker Steals Data on 18M Auction Customers in South Korea
- From: Jackie MacWhirter