DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ars was briefly hacked – change your passwords and carry on

Posted on December 17, 2014 by Dissent

Ars Staff report:

At 20:00 CT on December 14, an Internet intruder gained access to one of the Ars Web servers and spent the next hour attempting to get from the Web server to a more central machine. At 20:52, the attempt was successful thanks to information gleaned from a poorly located backup file. The next day, at 14:13, the hacker returned to the central server and replaced the main Ars webpage with a defacement page that streamed a song from the band Dual Core. That song, “All the Things,” features the chorus:

Drink all the booze,
hack all the things!

The hacker didn’t have long to drink all the booze and hack all the things, fortunately; by 14:29, our technical team had removed the defaced page and restored normal Ars operations. We spent the afternoon changing all internal passwords and certificates and hardening server security even further.

Log files show the hacker’s movements through our servers and suggest that he or she had the opportunity to copy the user database. This database contains no payment information on Ars subscribers, but it does contain user e-mail addresses and passwords. Those passwords, however, are stored in hashed form (using 2,048 iterations of the MD5 algorithm and salted with a random series of characters).

Read more on Ars Technica. The comments section under their post is actually pretty interesting as it discusses whether Ars’ security was good enough.

No related posts.

Category: Business SectorHack

Post navigation

← Consumer Watchdog Urges Public to 'Opt Out' of Cal INDEX Electronic Health Information Exchange
MD: Federal Jury Convicts Pharmacy Store Owner Of Health Care Fraud And Identity Theft →

1 thought on “Ars was briefly hacked – change your passwords and carry on”

  1. Peter says:
    December 17, 2014 at 12:49 pm

    MD5 would not be my choice, but 2K rounds with unique salt is actually better than many of the other breaches we’ve seen. Should give one more than enough time to reset one’s password, as this setup with a just a reasonable (let alone “good”) password would still require a hacker with strong cracking machines multiple days to crack most of them.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.