Reportedly, over a million accounts on the Supercell community forum were compromised in a data breach that occurred in 2016.

Supercell, the developer of the popular Clash of Clans mobile game, admitted that accounts on the Supercell community forum have been hacked. Supercell is the creator of popular games such as Clash of Clans, Hay Day, Clash Royale, and Boom Beach.

According to an official statement issued by the company, hackers compromised more than 1 million accounts in a data breach that occurred in September 2016.

LeakBase confirmed that the number of affected user accounts is 1 million.

Supercell said in an official statement that the breach happened in September 2016 and that the site’s forums were affected. According to the company, hackers exploited a vulnerability in the vBulletin software used by Supercell for its forums.

The company confirmed that game accounts weren’t affected by the data breach.

“As we’ve said before, to provide our forum service we use software from vbulletin.com. We’re currently looking into report that a vulnerability allowed third-party hackers to gain illegal access to some forum user information, including a number of emails and encrypted passwords.” reads the official statement from the company. “Our preliminary investigation suggests that the breach happened in September 2016 and it has since been fixed.”


Supercell urges users to change the password they are using on the affected forum as soon as possible. Users can reset their password here: https://forum.supercell.com/login.php?do=lostpw

As usual, I suggest that users also change the password on any other web service where they use the same login credentials. As a general guideline, the same credentials should never be reused across multiple sites, because a single breach then exposes every account that shares them.

“We take any such breaches very seriously and we follow very strict policies when it comes to security. Please note that this breach only affects our Forum service. Game accounts have not been affected.” the company added.


Pierluigi Paganini

(Security Affairs – Clash of Clans, Data breach)

The post Supercell, Clash of Clans authors, hacked. 1 Million accounts compromised appeared first on Security Affairs.

Source: securityaffairs

The number of U.S. data breaches tracked in 2016 hit an all-time record high of 1,093, according to a new report by the Identity Theft Resource Center (ITRC) and CyberScout. This represents a substantial hike of 40 percent over the near record high of 780 reported in 2015. This raises the question: are there actually more breaches or is it because more states are making this information publicly available? “For the past 10 years, the … More
Source: helpnetsecurity

German-based ThyssenKrupp, one of the world’s largest steel producers, has announced that it has been the target of a cyber attack. The company said that the attack was a professional endeavour and has been traced back to the Southeast Asian region. The goal of the incursion was to steal technological know-how and research from some areas of the company’s Business Area Industrial Solutions. The attackers also breached the systems of Business Area Steel Europe, but … More
Source: helpnetsecurity

Kapustkiy, one of the most prolific hackers at the moment, has announced a new data breach; the victim is the Eastern India Regional Council.

Last week, I was contacted by a young hacker who had breached Indian embassies across the world; he goes online by the moniker Kapustkiy.

Kapustkiy is a seventeen-year-old pentester who is targeting organizations and embassies across the world. Recently he breached the ‘Dipartimento della Funzione Pubblica’ office of the Italian Government and the Paraguay Embassy of Taiwan (www.embapartwroc.com.tw), and a few days ago he and his friend Kasimierz (@Kasimierz_) hacked the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya.

He also targeted universities, including two subdomains of Virginia University and a subdomain of the University of Wisconsin (http://pastebin.com/i1wmM5D1), and another embassy, the Indian Embassy in New York (http://pastebin.com/Akm9x4dD).

The Indian authorities have issued a public statement to thank the young hacker for exposing the vulnerabilities in their websites.

“Thank you for your advice,” said Sanjay Kumar Verma, Joint Secretary, eGovernance and Information Technology. “We are fixing codes one by one. Your help in probing websites of various Indian embassies is a great help.”

This time the young hacker breached the database of the Eastern India Regional Council and leaked online a small portion of an archive of 17,000 users. Kapustkiy leaked an Excel file containing more than 2,000 user records as proof of the breach.


The records in the Eastern India Regional Council database contain many attributes, including membership numbers, usernames, passwords, email addresses, and registration numbers.

Kapustkiy used web scanners to find several vulnerabilities in the target website and a simple SQL injection tool to exploit the flaw he discovered. The hacker tried to contact the organization, but it appears to have ignored his emails.

Once again Kapustkiy is inviting website administrators to pay attention to the security of their infrastructure.


Pierluigi Paganini

(Security Affairs – Kapustkiy,  India Regional Council)

The post Eastern India Regional Council hacked by Kapustkiy appeared first on Security Affairs.

Source: securityaffairs

The hacker Kapustkiy breached an Italian Government website (Dipartimento della Funzione Pubblica), exposing 9,000 of its 45,000 user records.

A few days ago I was contacted by a young hacker who had breached Indian embassies across the world; he goes online by the moniker Kapustkiy.

Kapustkiy is a pentester who is targeting organizations and embassies across the world. Recently he breached the Paraguay Embassy of Taiwan (www.embapartwroc.com.tw), and a few days ago he and his friend Kasimierz (@Kasimierz_) hacked the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya.

Indian authorities have issued a public statement to thank the young hacker for exposing the vulnerabilities in their websites.

“Thank you for your advice,” said Sanjay Kumar Verma, Joint Secretary, eGovernance and Information Technology. “We are fixing codes one by one. Your help in probing websites of various Indian embassies is a great help.”

Other victims include two subdomains of Virginia University and a subdomain of the University of Wisconsin (http://pastebin.com/i1wmM5D1), and another embassy, the Indian Embassy in New York (http://pastebin.com/Akm9x4dD).

Yesterday he contacted me because he had hacked a website belonging to the Italian Government. The database accessed by the hacker contains roughly 45,000 users, including their login credentials.

Kapustkiy told me he exploited an SQL injection flaw in the ‘Dipartimento della Funzione Pubblica’ website to gain access to the database. He shared a Pastebin link referencing an Excel file containing the user records from the database.

The Excel file includes the users’ email addresses, which are used as usernames, and encrypted passwords.

The link points to an Excel file containing only 9,000 records; the young hacker published only a small portion of the overall data in order to give Italian experts time to fix the problem.

Kapustkiy first contacted the site’s administrators to report the issue but received no reply; only after the news went public did someone put the site into maintenance mode.


“I did not get any response from the administrators. I hope they will improve their security,” he told me.

At the time of writing, the Excel file was still online.


Pierluigi Paganini

(Security Affairs – Kapustkiy, hacking)

The post Kapustkiy breached an Italian Government website, exposing 9,000 of 45,000 records appeared first on Security Affairs.

Source: securityaffairs

Three UK, a telecom and ISP operating in the United Kingdom, has suffered a data breach. According to Three’s status report on the investigation, the attackers were able to access the company’s customer upgrade system by using login credentials of an employee, and their goal was to steal high-end smartphones. “Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of … More
Source: helpnetsecurity

The UK carrier Three Mobile confirmed a major cyber security breach which could have exposed the personal data of millions of customers.

Bad news for the UK carrier Three Mobile: cyber criminals have broken into a company database containing customer personal details, potentially exposing the details of six million customers.

The news was reported by many media outlets that cited the National Crime Agency (NCA) and the Three Mobile company.

“Three Mobile cyber hack: six million customers’ private information at risk after employee login used to access database” reports The Telegraph.

According to The Telegraph, Three Mobile admitted that hackers accessed its customer upgrade database by using an employee login.

“In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three’s upgrade system.” said a company spokesman. 

“This upgrade system does not include any customer payment, card information or bank account information,” the spokesman said.

“Sources familiar with the incident told the Telegraph that the private information of two thirds of the company’s nine million customers could be at risk” continues The Telegraph.


Fortunately, payment data (i.e. credit card and bank account data) was not exposed, but the hackers did have access to customer names, addresses, phone numbers, and dates of birth.

Investigators believe the hackers broke into the Three Mobile database to find customers eligible for handset upgrades and then placed upgrade orders on their behalf; the new smartphones were redirected to the criminals and resold on a parallel market.

This kind of scam is increasing: crooks exploit the handset upgrade process, ordering devices in customers’ names and stealing them while in transit.

A Three Mobile spokesman confirmed a significant increase in attempted phone fraud over the past four weeks, adding that the increase also includes burglaries of Three retail stores.

The NCA has already arrested three men, two on computer misuse allegations and one on suspicion of attempting to pervert the course of justice.

“The investigation is ongoing and we have taken a number of steps to further strengthen our controls,” added the company spokesman.

The Three Mobile data breach follows the TalkTalk breach of October 2015, in which the details of more than 150,000 customers were stolen, including the bank account details of around 15,000.

TalkTalk suffered a significant impact: it lost 95,000 subscribers as a result of the attack, which cost it £60 million.


Pierluigi Paganini

(Security Affairs – Three Mobile, data breach)

The post Three Mobile cyber data breach, six million customers’ private data at risk appeared first on Security Affairs.

Source: securityaffairs