@TeamGhostShell (TGS) leader, @deadmellox has just tipped us off to another huge leak that is on the same scale as the last chinese leak from TGS. The most recent attack is mainly on Taiwan based websites with some other sites being attacked to. The leak contains a fairly detailed message as well as links to individual pastes that contain the actual leaked databases from the many attacked sites. The sites that have been attacked range from Chinese education to game sites and even Scottish sites as well as many others, full report coming soon.

Backstage of #ProjectDragonFly & #ProjectGhostShell – 200k accounts & 300k records leaked https://privatepaste.com/111f5022f7|| https://pastie.org/4192842

The release file also contains a few image of XSS on some major and well known websites as well as a list of vulnerable websites. It also contains the following message.

Backstage of #ProjectDragonFly and #ProjectGhostShell. A short description on what hackers can expect from chinese domains, when breaching them and how "dangerous" or "difficult" they truly are. This current leak will also contain 200.000+ accounts, like usernames, passwords, emails, phone numbers, addresses, zip codes, ICQ’s, ID’s, paypal accounts (etc.) and 300.000+ records, time, dates, locations, names, validation keys, ip’s (etc.). Two targets were confirmed as re-hacked. One of them is find2trade, which was originally in our point of range due to the fact that most people in there that did any sort of "business" were in fact chinese. The second one is the rating agency Fitch, the branch from China. Their data was stolen before, we managed to find other vulnerabilities within their site and it was posted alongside all of their passwords on that server. The main focus on this leak for Project DragonFly were new data on medium size/average companies, institutions, research labs, banks, airports, hospitals, forex, news site’s, EDU site’s and many more. This time, Taiwan had a big role to play in all of this, being targeted as well. An example from each side: TOPSHIP CHEMICAL CO.,LTD. founded in October, 1998, is a privately-owned joint stock company with registered capital of 156 million RMB. Alchip Technologies, Inc., headquartered in Taipei, Taiwan, is a provider of silicon design and manufacturing services for companies developing complex and high-volume system-on-chip (SoC) designs. Project GhostShell reached out to provide similar leaks, like banks, airports, hospitals (or better yet healthcare website/s), government site’s, forex trading, companies, corporations, news site’s, architecs archives, the russian mafia, technology, and so on. The backstage of this current leak, end’s with a list of vulnerable xss site’s, like CNN, AOL, Puma, Peugeot, ICQ, Tudou but also others. Screenshot’s were uploaded as proof. Two of them have their links censored since the attacks were done via open source code, the rest have been shown completely exposed just to prove how insecure and easy it is to target them. And finally, a list with other vulnerable site’s/server’s was provided, just like last time. This list is composed of places that I didn’t have time to breach, or some of them have already been and in reply they have been leaked here. ______________________________ REMINDER: As we have announced over these past few weeks, Team GhostShell is currently recruiting new members. For those of you who are interested, and for those of you who want to know where they can reach us, they can find all the information listed here: https://privatepaste.com/d4dfce57bf ______________________________ I am proud to say that #ProjectDragonFly is still pretty much alive and ready to raise awareness once more against the Communist Party, and an on going, overall, protest for freedom of speech in China. #ProjectGhostShell stands firmly against it’s original principals of payback for all fallen hackers, but also the injustice done worldwide, mostly by politicians and the elite. We will not go away anytime soon, and as a note, expect more projects to rise up in the near future. Stay safe, stay anonymous & enjoy the ride.

Slideshow of xss attacks on CNN, Cam4, Peugeot, AOL, WMTips, ICQ and Tudou According to the press release there was many others who helped along with these attacks.

Special thanks to the internet for helping me find all these vuls, I don’t have the time to hack them all, so I’m releasing some of them, they range, from banks, companies, corporations, NASA, Rating Agencies, Labs, Cyberpolice, Justice Departments (for lawyers most of them), Stores, Online Shops, Golf, Transportation (like Rail Transits), AirForce, Sports, Schools, Technology, Lottery, Hotels, Hospitals, Police Departments, Forex, News Sites, Hacking site’s, Russian Mafia, Finance, China’s DNS and so much more.

**List Of Sites:**1. https://paoscholarship.zju.edu.cn/
2. https://cie.zjgsu.edu.cn/
3. https://school.cucas.edu.cn/
4. https://zsb.bupt.edu.cn/
5. https://www.mellobiotech.com.tw/
6. https://synergy-pune.com/
7. https://www.tzu-ai-hospital.com.tw/
8. https://www.topshipchem.com/
9. https://www.lypcc.com.cn/
10. https://www.cces.com.tw/
11. https://www.healthtime.com.tw/
12. https://www.alchip.com/tw/
13. https://www.forexroasting.com/
14. https://broker.forex.com.cn/
15. https://www.global-money.com/
16. https://www.tcb-bank.com.hk/
17. https://www.guardian-bank.com/
18. https://www.tidytowns.ie/
19. https://www.almubadara.org/
20. https://www.insanely-great.com/
21. https://www.norwichairport.co.uk/
22. https://www.juventud.gov.ar/
23. https://hfpy.kf.cn/
24. https://www.metalreg.com/
25. https://www.networkesl.com/
26. https://www.chinarencai.net/
27. https://www.yabao.com.cn
28. https://www.aim.hk/
29. https://www.tpshk.cn/
30. https://www.ell.com.cn
31. https://www.pinkmagic.hk.cn/
32. https://www.find2trade.com/
33. https://rumafia.com/
34. https://www.letsgame.com.cn/
35. https://www.pcidatabase.com/
36. www.africasia.com/
37. https://www.forex-tribe.com/
38. https://www.scottisharchitects.org.uk/

https://privatepaste.com/111f5022f7 mirror: https://pastie.org/4192842