Session Hijacking,Bypassing Login using Session Stealing`

 

What is Session Hijacking?

Session Hijacking is Stealing the existing active
Session. The main purpose of Session Hijacking
is to bypass authentication process and gain
unauthorized access to the computer or Website.
In simple words , hackers will login as some other client using their Sessions.

TCP session hijacking is when a hacker takes over a TCP session between two machines. Since
most authentication only occurs at the start of a TCP session, this allows the hacker to gain access
to a machine

Different Session Hijacking methods:
Session stealing is achieved by following methods

1. Session fixation:
In this method, the Hacker sets a user's session id to known victim. For example, Hacker will
send email to known victim with a link that contains a particular session id. If the victim followed that
link, the hacker can use that session and gain access.

2. Session SideJacking(session Sniffing):
In this method, the attacker use packet sniffing to and steal the Session cookie. In order to prevent
this, some websites use SSL(encrypts the session). but do not use encryption for the rest of the site
once authenticated. This allows attackers that can read the network traffic to intercept all the data that
is submitted to the server or web pages viewed by the client.
Unsecured Hotspots are vulnerable to this type of Session Hijacking.

3. Client-side attacks (XSS, Malicious JavaScript Codes, Trojans, etc):
Hacker can steal the Session by running the Malicious Javascript codes in client system.
Usually hackers attack some websites using XSS and insert their own Malicious Javascript codes.
In client point view it is trusted website, he will visit the website. When victim visit the link , Malicious
Javascript will executed. It will steal the Session cookies and other confidential data.

4. Physical access:
If the hacker has physical access, it is easy for him to steal the Session. Usually this will
occur in public cafe. In public cafe , one use login to some websites(facebook, gmail). A hacker
come after victim can steal the session cookies.
Session Hijacking using Firesheep-Mozilla Addon:
Firesheep is Famous Mozilla addon that made Session Hijacking very easy. Using Firesheep , you
can steal the Session of Public WI FI users. Using Firesheep, you can gain access to victim account
of the Facebook, twitter and some other websites.

Update: Axis Bank ATM Hackers Operated from Hyderabad

UPDATE: Even as you're reading this, cops from the Oshiwara police station, located in suburban Mumbai claim to have traced the hackers to Hyderabad. Further reports suggest that not only did the hackers manage their entire hack operation from Hyderabad, but were also Nigerian nationals. Their exact location in Hyderabad hasn't been traced yet. Adding to these details, a report in the Mumbai Mirror also states that the usual modus operandi of such a scam would be either placing accomplices at banks and other call centres, or acquire a duplicate security strip, placed at the back of a debit card to get all personal debit card details. In what comes as a shocker to several Mumbaikars who quite routinely withdraw cash from the Axis Bank ATMs dotted across the city, it is being learnt that the security of the ATM systems of the bank have been compromised. According to a report in the Mumbai Mirror, the first set of complaints has been coming from Oshiwara, located in suburban Mumbai. The ATM in question located in Oshiwara incidentally happens to be at a stone’s throw distance from the Oshiwara Police Station. Exercising caution.. Over the month, the report stated that several irate customers began filing complaints after they realized that the money withdrawn by them from the ATM and the money, a much larger amount that got actually debited did not match. Apparently, the repeated complaints did not draw much action from the cops, initially but when one of the cops in the station itself (Asst. Inspector, Sanjay More) got duped, the cyber crime cell was called in.  According to a statement that a spokesperson from the bank provided to Mumbai Mirror, it was revealed that the ATM at Oshiwara wasn’t the lone one affected. Several other Axis Bank ATMs across the city are now being speculated to be among those affected. Although the mode, and any other specific details of the hack haven't come through, what is being spoken about, albeit in hushed tones is the use of an external device that records all details of a customers card on swiping. The bank has, as on August 1, 2011 filed an FIR with the Cyber Crime Cell.  With statistics being as worrying as the loss of over Rs. 8 lakh in less than a month, this news of the security being compromised has again raised the issue of lack of security present. Have you been affected by the hack? Do let us know in the comments section below.

Anonymous' Attack Causes Leak of 90,000 Emails

An attack by "hacktivist" group, Anonymous on government intelligence agencies like the CIA and Mi6 has caused the leakage of 90,000 military emails. Anonymous is calling the first wave of meltdowns (to download, click here, it's a PirateBay link) #MilitaryMeltdownMonday (they promised to release the emails Monday night IST). They targeted consulting firm Booz Allen Hamilton that works often with the US Department of Defence and National Security Administration and gained access to 90,000 military emails, 4 GB of source code, as well as login information that would allow Anonymous to hack into more areas of the community's digital infrastructure.

90,000 emails in one hack

Here is Anonymous's take on the attack:

"We infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!). We also added the complete sqldump, compressed ~50mb, for a good measure."

One of the things that Anonymous found in the Booz Allen Hamilton servers is the company's association with security company, HBGary. The two companies were working together to propose a program that would allow security teams to control "sock pupper" identities in social media spaces where they would steer conversation from certain topics. One way or another, Anonymous confirmed that because of this program, all U.S. military personnel will now have to change their passwords.

1.3 Million User Details Leaked as Washington Post Suffers Hack

In an official announcement on their website, it Is learned that the Online Jobs section on Washington Post's website was hacked last week between June 27 and June 28. Although the section was shut down with immediate effect, it has been found that the unidentified miscreant had accessed nearly 1.3 million email addresses, in addition to the user IDs.

Hacked.. 

However having said that, Washington Post clarified that the personal data, and passwords remained untouched. In a detailed report posted on their website, Washington Post revealed that it had informed all its users about the data breach via email, and also assured that the website had implemented extra security measures to avoid a hack in the future.

Washington Post is one of the most widely read, and subsequently the largest newspaper in Washington D.C. That perhaps, explains that huge size of their user base, on their online portal. This hack comes in the wake of security breaches affecting governmental, financial social sites, and hence is a worrying trend.

Hackers for Good Build Applications for Humanity

Google have recently announced that thousands of hackers gathered in more than 19 different global locations from Berlin to Nairobi, and Sydney to Sao Paulo. The Hackers for Good (as they are known) have participated in Google’s Random Acts of Kindness #3 by working with NGOs and government advisors to finish their applications for humanity.

Group Photo of the participants (Image Credit: Google)

This Google event has taken place in partnership with Microsoft, Yahoo!, Hewlett-Packard, NASA and the World Bank to form the Random Hacks of Kindness (RHoK) program that was started in 2009. The RHoK was started to build and support a community creating open source technology for crisis response and at RHoK #3, they expanded the mandate to include climate change. With RHoK #3 they announced that they are broadening the scope in the future to tackle any development challenges.

Google says that of the more than 75 solutions submitted for judging at this year’s global events and many are already on their way to making a difference around the world. They go on to say that the UN in association with the Columbian government is considering adopting the shelter management system developed at RHoK Bogota to aid the 3 million victims of winter flooding in South America. Of the nine hacks submitted for judging at RHoK Sao Paulo, two are already in use and two others may be further developed and incorporated into the restructuring of the National Weather Service. The document submitted by Google says that the winning application at RHoK Philadelphia, which was developed in response to a problem proposed by the World Bank Water group, is set for further development at the WaterHackathon, RHoK's first community-sponsored event, later this year.

The RHoK community

Three winners were selected at the RHoK Silicon Valley event at Google’s Mountain View campus. The first one was for SMS Person Finder which enables anyone with a phone to interact with Person Finder, a software application that Google built to help people connect with their loved ones following a disaster. The second one was the Hey Cycle which helps in making it easier for people to reuse and recycle items by setting up email alerts when free items that they’re looking for are entered on freecycle.org. And, the third one was for FoodMovr which helps in connecting people with excess food to others who need it through a simple live application.

Google says that they were proud to be one of the founding partners and ongoing sponsors of Random Hacks of Kindness and look forward to seeing these applications make a difference. To know more about Random Hacks of Kindness, log on to RHoK.org.

PayPal UK Twitter Account Hacked

Twitter accounts seem to be the latest victim of hackers with the PayPal UK Twitter account being seized. A day after it was reported that the Twitter account of Fox News Politics was hacked, cyber criminals have now defaced the Twitter account of eBay’s PayPal UK account. According to a report, hackers had seized the account and began tweeting messages to its 17,000 followers.

PayPalUK Twitter account now seized!

Hackers posted tweets that go on the lines of 'PayPal can freeze your funds for no reason, do not use PayPal!' Other tweets include "exposing the nightmare of doing business 'the PayPal way," and the profile information was changed to 'The official twitter account for the fail team at PayPal UK.' The report suggests that the account was hacked to promote a website called paypalsucks.com. The site questions PayPal’s payment processing business practices, as well as provides alternatives to the site.

The account has been suspended and a PayPal UK Anuj Nayar, Director of Communications said that PayPal UK's Twitter feed was targeted by hackers and that PayPal would like to reassure all their customers that PayPal’s UK customer systems and data have not been breached or hacked in any way. There is no link between customer systems and their Twitter account.

NATO Hacked Again! This Time by Team Inj3ct0r

It was reported a while ago that a website that was related to NATO (North Atlantic Treaty Organization), e-Bookshop, had suffered a data breach. This time around a hacker group called Team Inj3ct0r claimed responsible for targeting a NATO server with a private zero day exploit. They have posted a leak backup of 2646 files obtained from the server on file hosting website Media Fire.

Team Injector hacks NATO server!

According to the report by The Hacker News, their reasons for hacking is the development and financing of nuclear weapons. They claim to have hacked the server Apache Tomcat Version 5.5.9 using a 1337 day pivotal exploit which is a zero day exploit. A zero day exploit is basically a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or the software developer. They go on to claim that they are also able to deface the NATO website but will not do so. They claim they will just take the backup of the server and distribute it on the Internet.

Things are not looking so good for the North Atlantic Treaty Organization, since this is the second time they have been hacked ever since their public speaking out in their New Strategic Concept conference in Lisbon. The organization said that Anonymous should be included in the same list as Al Qaeda and the Taliban.

For more information on the Anonymous and other hackers, click the link here.

Apple Inc. Hacked

In what comes as an addition to the string of high-profile hacks, is the security breach that has hit the iPad manufacturer, early today. Hacking group, AntiSec – formed out of the union of former group, Lulz Security and Anonymous, claimed responsibility for the breach. Caught unawares! AntiSec claims that it gained advantage over a security flaw in a software used by Apple. However, AntiSec also stated that the hack attempt wasn’t a full-fledged one, and was just done to expose Apple’s flawed security system, and that Apple is a ‘later target’. Wall Street Journal reports that, the hack outfit put up a release revealing around 26 administrative usernames and passwords.

Hacking of Fox News claimed by group with links to Anonymous

The fake messages about President Obama's assassination on the Fox News account

A group loosely connected to the hacker collective Anonymous says it took control of the Fox News Politics Twitter account to claim that President Obama had been assassinated while campaigning in Iowa.
The Fox News Politics account – @foxnewspolitics – was used to put out a number of fake tweets saying that President Obama had been shot in the head and died, and that vice-president Joe Biden had been installed in his place. The tweets went out at around 2am Pacific time (5am EST, 10am BST). Obama is in fact thought to be in Washington at the White House, where his schedule shows he is due to give a speech in the Rose Garden at 6.30pm.
A representative of the group 'Scriptkiddies' said in an interview with Stony Brook University's Think Magazine: "We are looking to find information about corporations to assist with antisec [a concerted hacker attack on corporate and government security]. Fox News was selected because we figured their security would be just as much of a joke as their reporting."
He warned too that Fox News might see more attacks: "I've looked into their security, and site defacement does not seem to be an option. Everything else is fair game."
The Script Kiddies representative added: "I would consider us to be close in relation [to Anonymous], two of the members of our group were members of Anonymous ... I was a member of Anonymous. We hope to be working with them soon."
'Script kiddie' is a generally insulting phrase used by hackers about inexperienced would-be hackers who used ready-made programs to attack sites. The group's name here plays on that.
The attack is the latest in a rapidly growing list of attacks this year on the online presence of corporations and governments since Sony's PlayStation Network was hacked in April, exposing the details of more than 75 million users. Since then many other game and company sites have been hit, with varying degrees of disruption.
The Script Kiddie representative told Think Magazine: "It will be a never-ending battle. The names change from time to time, like LulzSec and Anonymous or Script Kiddies. But there will always be a group of people that need to stand up for everyone else and attempt to keep the government in balance with its people. Without groups like Anonymous, what is there to prevent corruption?"
The group tried to create a number of Twitter accounts, but they had all been suspended wtihin hours of being created.
Meanwhile, "AnonymousIRC" – thought to be composed of some of the leaders of LulzSec – has continued to attack web systems belonging to the Arizona police. They also leaked the user names and encrypted passwords to a survey system belonging to Apple, saying: "Apple could be [a] target, too. But don't worry, we are busy elsewhere."

NSG Website Suffers Breach

Adding to the string of high-security breaches is the data breach of the official website of India’s foremost, special-trained counter terror and anti-hijack commando force, the NSG (National Security Guards). The officials of the NSG unit, although not completely sure, suspect a hacking attempt most likely to have hit their systems.

Secure?

According to a report in Hindustan Times' Delhi edition, the website, www.nsg.gov.in, in addition to the official e-mail domains are feared to be compromised. The website, however, is being claimed to be the least affected, and as a safety precaution, the passwords of the official emails of NSG units are being reset. Although, there hasn’t been any confirmation on the miscreants behind the breach, initial probe carried out by the NSG unit have traced the links to outside the country.

Headquartered in Delhi, the NSG unit is presently one of the most elite anti-terror units. The NSG site is being maintained by the technical wing of the NSG force, in association with the National Informatics Centre (NIC). You will recollect that the famous hacking outfit, Anonymous had breached the data of the NIC, too, sometime last month. This was in addition to the hack at the CBI (Central Bureau of Investigation) website.

Increasing instances of data breach on the official website of various government units pose a serious threat to the flawed claims of security, and has in the process discovered many loopholes.

Anonymous Establish Snitch Sites

Online activist group Anonymous have been a lot in the news lately, most recently for their teaming up with hacker group LulzSec and posting sensitive data about various governments and other high profile targets. Now, a subgroup of Anonymous has started two ‘leak’ websites which contain sensitive data from governments and corporations. These groups are localleaks.tk and hackerleaks.tk.

Hackers helping hackers!

According to a report, the Local Leaks website contains information pertaining to corruption and wrongdoings such as police brutality, work place harassment, etc. at a local level. Users can submit information anonymously and the site states that their first priority is to provide a safe, secure and anonymous way for local government or corporate employees to disclose sensitive information.

The Hacker Leaks website is a place where hackers can disclose sensitive data they obtain. The site states "Hackers helping hackers to leak material of interest. You download it; we’ll disclose it for you.” The site received its first submission which was a list of personal information of Orlando, Florida officials. Anonymous have targeted several Orlando sites in protest of the arrests of members of the group Food not Bombs.

Commander X, Editor-in-Chief of the sites claims that they don’t obtain the material and that they merely publish it. Thereby further stating the fact that these websites do not violate any law.

For more information on Anonymous and other hacker groups,


Hackathon
After the Sony PlayStation Network was hacked, hacker group LulzSec and Anonymous have literally wrecked havoc on the Internet. What may be the hacking coalition of the year, Anonymous and LulzSec together announced the forming of AntiSec. These two 'organizations' have forged what some companies would term an 'unholy-alliance' .

Along with Anonymous and LulzSec many other groups are also attacking and disrupting Internet sites. These hacker groups are mainly targeting the sites for fun using Distributed Denial of Service (DDoS) attacks. They claim that this form of attack are their most abundant but most mild.

Al-Qaeda Hacked!-Now what left

The online communication platform of the global militant, Sunni Islamist group, Al-Qaeda was brought down by a group of ‘seasoned’ computer hackers. The militant group has since been unable to manage their flow of videos, and other communications.

Caught off guard..!

According to a report in msnbc.com, Evan Kohlmann, from Flashpoint Global Partners, the firm monitoring Al-Qaeda’s communications, stated that, “Al-Qaeda's online communications have been temporarily crippled and it does not have a single trusted distribution channel available on the Internet.” It was further learned that, the nature of the hack wasn’t like the usual modes, which were observed. Instead, the hack was almost an ‘unusual cocktail of relatively sophisticated techniques’, in Kohlmann’s words. Although, any kind of detail about the hacker(s) is still out of the reach of the investigators, it is for sure that the militant group will take long to get their systems up and running again.

This attack comes a year after Al-Qaeda’s online system suffered a hack attack of a similar nature. At that time, it was found that the U.K. government had replaced the bomb-making recipe on the site, with that of a cup cake. And, even then, it took a while for the militant group to put their site back on track.

Anonymous: Wikileaks Censorship Will Trigger 'Operation Malaysia'

An attempt to censor Wikileaks, which was considered to be a crucial whistle-blower medium has now forced the Malaysian government to pay a hefty price. Hacker group, Anonymous, in a bid to ‘teach them a lesson’ have threatened the government that continuation of the censorship on Wikileaks would lead them to ravaging the Malaysian government’s official website, and begin ‘Operation Malaysia’.

Operation Malaysia

In the wake of the threat, the Malaysian government has increased the security manifold, and has vowed to delve into the depth of the matter. Anonymous activists have gone ahead and stated that the threatened hack would take place from Wednesday 1930 GMT on the Malaysian government’s online portal.

Further elaborating on their intentions, Anonymous posted that off late the Malaysian government has been going down quite fiercely on the internet freedom given to its citizens. The Malaysian Communication and Multimedia Commission (MCMC) has been imposing censorship on films and television shows, and has also added several snips to the functioning of file-sharing websites, and has been prosecuting bloggers. These moves have supposedly invited the ire of the hacking group, as they believe it to be going against the very ideology of human rights.

Anonymous has been circulating its video titled, 'Operation Malaysia'. The video was posted by a user named TechUnderscored, and its content reads-

“We have seen the censorship taken by the Malaysian government, blocking sites like The Pirate Bay, and WikiLeaks.
“Malaysia is one of the world’s strictest governments, even blocking out movies, and television shows.
These acts of censorship are inexcusable.
“You are taking away a basic human right. The internet is here for freedom, without fear of government interference."

Scroll down to catch a glimpse of the same:



Source: free malaysia today

LulzSec Targets Gaming Websites in its Titanic Takeover Tuesday

The number of websites targeted by LulzSec is steadily increasing. After targeting Bethesda, Sony and a whole lot of websites, they have now launched a series of distributed denial of service (DDoS) attacks on Escapist magazine, as well as other gaming websites. They have termed the day – Titanic Takeover Tuesday.

Many websites attacked in a single day!

According to a report, LulzSec took down systems at the Escapist during a three-hour long distributed denial-of-service rampage that left gamers annoyed. The attack on Tuesday on the Escapist magazine started because users were voicing their anger regarding the taking down of Bethesda, wtith one user, Psychicflash666 saying, “I want them caught and punished, a few years in jail for people like that would be hell.”

In response to the outrage by gamers, LulzSec posted a tweet on their Twitter page saying, “Welcome to #TitanicTakeoverTuesday where everyone is laughing at crybabies getting Lulz Cannoned!”

Through their Twitter feed they invited people to call them up and suggest new targets. They tweeted claiming that they had received 5000 missed calls and 2500 voicemails on Tuesday. The sites that were hacked on their Titanic Takeover Tuesday were Escapist Magazine, Eve Online, Minecraft, and League of Legends.

NIC Servers and Indian Army Official Website Hacked

We last reported about the hack outfit, Anonymous, hacking into the data of National Informatics Centre (NIC). Today, it has been learned that the official website of the Indian Army has been brought down owing to a successful hack attempt by Anonymous.

A screenshot of the data compromised..

In addition to the official site of the Indian Army, Anonymous also managed to bring down the entire server of the NIC. The group addressed a letter to the Indian government citing the hack to be an answer to the rising instances of corruption in the country.

The letter, addressed to the Indian government reads:

We are Anonymous Again.

To the People of India and Government,

You Have Underestimated the Power of people.You thought First NIC Hack by Anonymous was Playful act, "THINK AGAIN".

We are not here to Play with anyone.We are here to send a Message to all the people who support the Anti-corruption bill. We took Down Indian Army Officail Site and NIC knows more what we did.We do not support anyone, We Support Only The Anti-Corruption Bill.No one can speak for Anonymous, Nothing is Official.

We are Not the "FALME", We are just a "SPARK".Stop Your Brutal Voilence and Blame games.Anonymous are the people.

We do not forget.
We do not forgive.
We are legion.
Expect us

Additionally, the outfit claims to have access to all data stored on the NIC servers, and has threatened to leak all of it. Anonymous has also posted a video press release addressed to the government criticising the corrupt, and laid-back nature of the Indian government, and has stated their hacks as attempts to better the situation in the country, and ensure the success of the Anti-corruption bill. To view the video, click below:



Source: The Hacker News

Sony Pictures Confirms Data Theft of 37,500 User Accounts

Last week we reported that hacker group Lulzsec had breached Sony Pictures websites with them gaining access to a number of user details found on Sony servers. Sony Pictures have recently released a statement confirming the authenticity of this breach. Sony issues notice to 37,500 affected users The statement from Sony Pictures reads that they have provided notice to the approximately 37,500 people who may have had some personally identifiable information stolen during the recent attack on sonypictures.com. It also states that Sony Pictures Entertainment (SPE) did not request for any information, and that the stolen information did not include any credit card information, social security numbers or driver license numbers from these affected people. The statement goes on to say that they are continuing to investigate the details of this cyber attack; however, they believe that one or more unauthorized persons may have obtained some or all of the following information that users may have provided to them in connection with certain promotions or sweepstakes which include user’s name, address, email address, telephone number, gender, date of birth, and website password and user name. The company ended the statement by saying that they thank users for their patience as they complete their investigation of this cyber attack, and that they regret any inconvenience caused. To know more about the recent hackings on Sony, click here.

Citibank Hacked!

In a revelation made today, Citibank confessed that its database has indeed, been hacked. As per the company’s statements, the officials fear the most crucial details to be compromised. The details include the names of the customers, their account numbers, and other contact information, like the e-mail addresses of the customers. Citibank officials discovered the breach of confidential data in May, during their routine monitoring sessions. The organization, however, stands firm on their claim of the Social Security numbers being safe, in addition to the birthdates or security codes of their customers.

Citi that got hacked..

Considering the popularity of Citibank and its various services, it wouldn’t take long to conclude that the impact of the hack, although not clearly out yet, will be widespread. Citibank has issued more than 150,000,000 credit cards globally, and if the figures add up, the number impacted by the breach stands very high. Citibank claims that around 1 per cent of its 21 million global customers stand affected from the breach, which still comes to a whopping 210,000 individuals.

The bank, since the revelation has been facing a lot of flak from the customers for keeping them in the dark for so long about the breach.

Source: The Hacker News

Anonymous Hacks Government Website to Protest Against Corruption (india)

The world’s most popular online activist group Anonymous, best known for their hack on the PlayStation Network; have come out in support of a move against corruption in India by breaching an IT website of the Indian government - National Informatics Centre (NIC, INDIA).

These guys mean business. Image Source

According to the Hacker News, Anonymous posted an image on the website with their logo along with a statement to the Prime Minister Manmohan Singh saying that this time they speak to the government of India through the NIC homepage and sub-domains. The post also goes on to say that there was no use trying to secure the websites or the need to get in forensics to help resolve the situation. The last line seems like a direct taunt at the government with the image saying that they do not like to talk too much and that it was their world, so expect them.

The realease that was sent out

According to their Twitter posts, the group hacked the website in retaliation to the attacks on Baba Ramdev and to awaken the government. They have also started a movement on Twitter named OperationIndia and have also started a group on Facebook - http://www.facebook.com/OperationIndia. Anonymous have even issued a press release stating their cause and their intentions to fight against the removal of corruption in India in all its forms. They also stress on their support to Anna Hazare and Baba Ramdev and other individuals who support the Jan Lokpal Bill. One of their requests included the request for severe punishment to be doled out to corrupt officials.

Tweeting for unity. Image Source

Anonymous warned the government through their press release that until the above demands were met they wouldn’t stop the attacks on the websites. They ended the press release by saying that Anonymous and the people of India are speaking now.

However, irrespective of all the publicity the situation is bound to get, the NIC website seems to be back online and normal as of now.

Acer Hacked; Hackers Assure a Press Conference in 24hrs

Security seems to have become the bone of contention for the major players in the tech space, today. It is if there isn’t enough mockery made out of security in the recent PSN hack case, that yet another player in the market has had its security compromised. In yet another instance, popular technology brand, Acer is now finding itself grappling with a data breach that has reportedly cost it the details of over 40,000 customers. The details compromised includes their names, addresses, phone numbers, e-mail addresses, as also the names of the products purchased by the customers.

A screenshot of the data compromised

As reported by The Hacker News, the hacking group, Pakistan Cyber Army is a well-known hacking outfit. Although, the motive behind the attack is still unclear, the hackers themselves have assured a detailed press conference to brief others about their motives, to be arranged very soon. At the press conference, the hacking group intends to give out all the data that’s in their possession.

This latest attack has exposed as to just how flaky is the security of most data, supposedly locked up in the systems of these major players in the space.

A Series of Sony Websites Hacked

Sony recently announced that the restoration of the PlayStation Network would be complete by the end of this week; however, the multinational corporation has been victimized yet again with a number of their websites including Sony Pictures, Sony Music Belgium, and Sony Music Netherlands being hacked. Hacker group Lulzsec has claimed responsibility for stealing information of around 100,000 users’ personal information that includes passwords, email addresses, home addresses, dates of birth, as well as Sony optional information that is related to their Sony accounts. Lulzsec has set sail for Sony to fail! The group has been promising attacks on Sony since a week claiming “the beginning of the end for Sony.” According to Lulzsec’s post on Pastebin, in addition to the stolen user data, the group is also in possession of admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons.’ Lulzsec said that they did not have the resources to copy all the information but are posting samples to prove the information gathered is genuine. More information could have been gathered but it would take several more weeks to be acquired. The hacker group said that gaining access to the network wasn’t a difficult task and all it required was a single SQL injection. What was worse was that every bit of data they took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. Criticizing Sony’s security measures the hacker group said that this was disgraceful and insecure and Sony was asking for it. Lulzsec posted on their Twitter page that they would accept contributions in the form of BitCoin virtual currency that will be used to help it do more hacking. This comes as major blow to the company that has announced the restoration of its PSN services