Thursday, July 14, 2011

Hacker Leaks User Accounts from Toshiba's Website

A hacker has managed to break into a website belonging to consumer electronics giant Toshiba and leaked the login information of registered users.

The hacker, who uses the online handle of V0iD, dumped the account information in two pastebin posts. The information was extracted from the database of the Toshiba America Consumer Products (TACP) website (tacp.com or tacp.toshiba.com).

The site is now offline, but, according to snapshots in Google's caches, it was owned by Toshiba America Consumer Products, L.L.C., apparently a different company than Toshiba America Information Systems which is listed on us.toshiba.com.

If TACP is an older site that Toshiba kept around for historic purposes, this might explain why all passwords extracted by V0iD were stored in plain text instead of being hashed.

The hacker claims that one database table called "Tbl_Gb_Users" had 5203 entries consisting of emails and passwords. He leaked around 350 of them and only reached letter b.

That same post also exposes eleven administrative credentials all with @tacp.com email addresses and plaintext passwords.

The hacker says there were a total of 14 user tables in the database. The second pastebin dump contains almost 450 email addresses and passwords allegedly taken from a table called Public_Users.

V0iD notes that this is only 10% of the list and that more will be revealed in another post. One of the users whose passwords were exposed has a @nasa.gov email address, while another has a @moody.af.mil (Air Force) one.

The hacker also leaked a list of Toshiba certified services, complete with address, email, password and administrator's name. It's worth mentioning that he also broke into the Pakistani National Assembly website and published administrative credentials stolen from it, including plaintext passwords.


View the original article here

No comments:

Post a Comment