Fahmida Y. Rashid reports:
A solo attacker has hacked into an events management company and obtained sensitive information belonging to 20,000 individuals, many of whom were United States government employees or contractors.
The cyber-attacker posted an Excel spreadsheet containing log-in credentials and personal information for 20,000 people obtained from allianceforbiz.com, according to a blog post signed by “Thehacker12” on Aug. 22. Allianceforbiz.com is a professional trade show management company that manages conferences, meetings and trade shows for customers, according to the company Website.
[…]
The spreadsheet contains usernames, passwords, email addresses. company name, and also whether the individual works for a government agency, Catalin Cosoi, head of Bitdefender Online Threats Lab, told eWEEK. Identity Finder, a data loss prevention software vendor, ran the file through its software and found 13,322 passwords and 17,590 email addresses in the file. Only 11,358 of the passwords had a username associated with them, Todd Feinman, CEO of Identity Finder, told eWEEK.
Read more on eWeek. No statement appears on Allianceforbiz.com at the time of this posting.
Updated 8:06 pm: The site now has the following notice on the homepage:
Our database and website has recently been compromised. Please note:
- We do NOT save credit card numbers, so that is not an issue.
- The site has been closed until all passwords have been changed.
If you are looking for information about our upcoming events, or trying to register, you are welcome to call or email us.
We are sorry about the inconvenience, but will be up and running shortly!