Princeton University became one of the more than 27,000 entities that recently had their databases wiped by attackers who claim that if victims pay ransom, they’ll get their data back. The attackers have been able to access and overwrite databases in MongoDB installations that were left open on Port 27017. With no login or authentication required, anyone can access…
Category: Hack
TwoPlusTwo Poker Forum Hacked; Personal Data Stolen and Offered for Sale
FlushDraw reports: The world’s largest online poker discussion forum, TwoPlusTwo, has again seen its virtual defenses breached. The site’s operators have confirmed that the forum was hacked at some point late in 2016, with the personal data then being offered for sale elsewhere on the Internet. The hacking and theft of the personal information was discovered…
The MongoDB attacks: 93 terabytes of data wiped out
The other night on Twitter, after I and others communicated concern as the number of attacks on misconfigured MongoDB installations rose to 27,000 in a relatively short period, @Cyber_War_News and I had a respectful disagreement about the seriousness of the situation: still shocked that yall shocked and fussing about the mongodb ransom spike. — CWN (@Cyber_War_News) January…
ESEA hacked, 1.5 million records leaked after alleged failed extortion attempt
Steve Ragan reports: E-Sports Entertainment Association (ESEA), one of the largest competitive video gaming communities on the planet, was hacked last December. As a result, a database containing 1.5 million player profiles was compromised. Citing LeakedSource, Steve reports that there was an alleged extortion demand, but that has been neither confirmed nor disconfirmed by ESEA…
Los Angeles Valley College Hit By Cyber Attack, Pays Ransom
I’ve been sitting on this one for a while because it wasn’t clear if any personal info was involved. CBS had reported that Los Angeles Valley College in Valley Glen was subject to a cyber attack over the winter break, but it was not known how large the breach was or its scope. Now Breitbart is reporting that…
Don’t pay the MongoDB ransom until you check to see if it’s a scam
For the past week, a number of us have been watching the explosive growth of attacks on misconfigured MongoDB installations. Victor Gevers of GDI Foundation and Niall Merrigan, a Norwegian developer, have been providing yeoman service investigating the problem, making notifications, and keeping us all apprised of their findings through their Twitter accounts. It all…