The Hacker News Logo
Subscribe to Newsletter

Dslreports.com hacked, Over 9000 accounts compromised !

Dslreports.com hacked, Over 9000 accounts compromised !

DSL Reports - the information and review site on high speed Internet services which operates over 200 forums - has been hit with a blind SQL injection attack, which resulted in the compromise of at least 9000 accounts.

Founder Justin Beech posted a notification about the intrusion on the forum dedicated to the site, in which he specified that no login names, zip codes and private posts were compromised.

The attack went on for four hours on Wednesday and it was blocked before it had completed more than 8% of its work. All the same, the attackers managed to obtain a large number of email/password pairs.

"The ones they obtained were basically random. So they cover the entire 10 year history of the membership but sprinkled randomly. Some are very old accounts, some are new accounts, some inactive or deleted," says Beech.

"I identified the newest accounts, those that were obtained and have logged in over the last 12 months, and have alerted those by email. Older inactive accounts involved are also being notified by email now, although the older the account, the less likely the email is still current, or the password they used is still useful."

Once the intrusion was detected, stopped and the extent of the compromised accounts has been discovered, passwords for those accounts have been reset. Beech urges the users who received the notification to change their password and to do the same on accounts for other sites (Gmail, PayPal, Facebook, etc.) on which they used the same email/password combination.

"Obviously having both an sql injection attack hole (now closed) and plain text passwords is a big black eye, and I'll be addressing these problems as fast, but as carefully, as I can," promises Beech.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.