Hacktivist group possibly compromised hundreds of websites

A group called Team GhostShell has published data from hundreds of website databases it claims to have hacked

Login for security

Login for security

A hacker group known as Team GhostShell is publishing snippets of sensitive data allegedly stolen from the databases of hundreds of compromised websites.

The group, which previously targeted government organizations, law enforcement agencies and companies from various industries in 2012, announced in March 2013 that it was halting its activities.

In a surprise return Monday the group started posting on Twitter the names of websites it claims to have hacked as part of a new campaign, along with links to samples of data extracted from their databases.

So far the group has published the names of over 450 websites, but claims that it has hacked many more. The alleged victims range from companies to education institutions and government organizations from different countries.

Based on its Twitter messages so far, the group's goal is to demonstrate "how truly deplorable cybersecurity has become" and that Internet security has not improved despite a flood of security technologies and products in recent years.

The group published only partial information from the databases that it claims to have compromised, because it wants "to prove that they have indeed been infiltrated and to raise awareness."

Even so, the data leaked so far likely affects thousands of individuals because it including emails, user names, addresses, phone numbers, Skype names, dates of birth, and other personally identifiable information. There are also plain text and hashed passwords, depending on how the affected websites stored them.

"From first appearances, the recently released list of hacked websites seems to be random and there is no indication that any particular country or sector is being targeted," researchers from Symantec said in a blog post. "The group is more than likely hacking websites that are vulnerable. In keeping with its previous modus operandi, it is likely that the group compromised the databases by way of SQL injection attacks and poorly configured PHP scripts; however, this has not been confirmed."

Join the CSO newsletter!

Error: Please check your email address.

Tags intrusionsymantecsecuritydata breachprivacy

More about indeedSkypeSymantecTwitter

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

More videos

Blog Posts