Friday, July 1, 2011

Military Personnel Info Stolen from Defense Industry News Website

Hackers have broken into a network of U.S. defense industry news sites and stolen sensitive user information that could be used in targeted attacks.

The targeted company, Gannett Government Media Corporation, which owns several websites including Defense News, Military Times, Federal Times, and Armed Forces Journal, notified its customers about the breach on Monday.

"On June 7, 2011, the Gannett Government Media family of websites suffered a cyber attack that resulted in some users being unable to access parts or all of the websites.

"We also discovered that the attacker gained unauthorized access to files containing information of some of our users," the company wrote in an announcement on its website.

The exposed data includes full names, user IDs, passwords and email addresses, but also ZIP code, duty status, paygrade and branch of service for subscribers who provided this information.

Since the readers of these websites are mostly military personnel, defense contractor employees, and federal government officials, the data breach can have very serious consequences.

Attackers can use the stolen information to craft believable emails that distribute information-stealing malware, or search for sensitive data themselves by abusing the already exposed passwords.

The media company encourages users to change their password on all of its websites and on others where they might have used it. This prompts two different questions: why were the passwords stored in plain text, and why doesn't the company enforce a password reset across its entire network?

The incident is just the latest in a string of similar security breaches that have resulted in the exposure of login credentials. Security experts have already named 2011 as the year of hacking.

Since this breach occurred at the beginning of the month, it's unlikely that it is related to LulzSec's AntiSec campaign, which calls for attacks against government and military-related websites. No hacking group has yet taken credit publicly for the attack.

