[WEB SECURITY] Over 32 million accounts have been compromised (the result of an attack on the RockYou.com site)
- From: "Dmitry Evteev" <devteev@xxxxxxxxxxxxxx>
- Subject: [WEB SECURITY] Over 32 million accounts have been compromised (the result of an attack on the RockYou.com site)
- Date: Wed, 30 Dec 2009 22:48:16 +0300
It was discovered that the hacker under the pseudonym "igigi" managed to
compromise the database of users of the web site RockYou.com via classical
SQL Injection exploitation. The portal RockYou.com offers various services
to social networks such as Facebook and MySpace. The most valuable data
received by the hacker is the database of users consisting of 32'603'388
records. The depersonalized database (without usernames, emails, and other
sensitive information) was kindly downloaded to rapidshare.com, but has
already been removed from there and is now available only on torrents.
Positive Technologies Research Team presents to your attention the analysis
of a scope of 32'603'388 passwords. See reference:
http://ptresearch.blogspot.com/2009/12/over-32-million-accounts-have-been.html#more
- - - - - - - - - - - - - - -
Best Regards, Dmitry Evteev
Positive Technologies Co.
Tel.: (495) 744-0144
Web: http://www.ptsecurity.ru
Brought to you by http://www.webappsec.org