League of Legends is hacked, with crucial user info accessed

One of the world's most popular online video games falls prey to a security breach involving usernames, e-mail addresses, salted passwords, and 120,000 salted credit card numbers.

 

Hackers have breached the system of one of the world's most popular online video games: League of Legends.
Riot Games, which developed League of Legends, announced Tuesday that some usernames, e-mail addresses, salted password hashes, first and last names, and even some salted credit card numbers have been accessed. The salted data is somewhat protected, but if users have easily guessable passwords, their information could be susceptible to theft, Riot Games warned.
The affected users are only those who live in North America. While the accessed credit card information is alarming, it pertains only to records from 2011 and earlier.

LulzSec hacker arrested over Sony attack

A second member of the LulzSec hacking was arrested by US authorities in connection with attacks on Sony Pictures Europe .

US police was arrested Raynaldo Rivera, 20, a member of the hacking group LulzSec, on charges that he took part in breach of the computer systems belonging to Sony Pictures Europe.

The indictment, which was unsealed on Tuesday, accuses Rivera and co-conspirators of stealing information from Sony Pictures Europe's computer systems in May and June 2011 using an SQL injection attack – which exploits flaws in the handing of data input for databases to take control of a system – against the studio's website.SQL injection, or SQLi, is an increasingly common technique used by hackers to break into systems.

The attack, which may have leaked credit card details for millions of users, has never been traced to any group – although Sony suggested not long afterwards that Anonymous might have been involved.Since then it has given no further details about who it suspects of carrying out the attack, and no data from the attack has ever been posted publicly.

"From a single injection we accessed EVERYTHING," the hackers said in a statement at the time. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"

Authorities have said the Sony breach ultimately cost the company more than $600,000 (£378,000).
An accused British hacker, Ryan Cleary, 20, was indicted by a US grand jury in June on charges related to LulzSec attacks on several media companies, including Sony Pictures.

The rise of LulzSec saw a burst of similar "crews" aiming to hack sites, but since then Anonymous has focussed on providing an outlet for documents released by WikiLeaks.

Linkedin hacked , 6.46 million Passwords Leaked

A user on a Russian forum has claimed to have downloaded 6.46 million user hashed passwords from LinkedIn.

It looks as though some of the weaker passwords — around 300,000 of them — may have been cracked already. Other users have been seen reaching out to fellow hackers in an apparent bid to seek help in cracking the encryption.

Finnish security firm CERT-FI is warning that the hackers may have access to user email addresses also, though they appear encrypted and unreadable.

A source said they had searched and discovered their password in the cache. It has been reported that the passwords were encrypted using the SHA-1 algorithm — which is known for its flaws — but unless a password is weak, it may take a while to decrypt the remaining cache.

LinkedIn has more than 150 million users worldwide. This apparent hack could affect less than 10 percent of its user base, but it will strike a damaging blow to the ‘professional’ social network’s reputation.

Microsoft Store India Hacked, Passwords Stored in Plain Text

This week, Microsoft has found itself to be the latest victim of hacking as hackers targeted the Microsoft Store India. Owned and run by Quasar Media, the site yesterday displayed (Google Cache) this welcome message to visitors to the site:

Those responsible for the attack go by the name of EvilShadow team and appear to be Chinese. The group has not yet provided a reason for the attack, except to say that "unsafe system will be baptized." According to Windows Phone Sauce, EvilShadow managed to access the site's database where users' passwords were being stored in plain text. The group has posted a screenshot showing a sample of the stolen login credentials on its blog. Needless to say, if you're registered with Microsoft Store India, now might be a good time to change your password. Microsoft has not yet commented on the breach, and Quasar Media, the company that operates MS Store India, hasn't released a statement regarding the incident either.

Hacker Looking For US Military Documents Finds VMWare Source Code

Members from the hacktivist group “LulzSec” are at it again, as source code from VMWare’s ESX hypervisor technology has been leaked to a website used to anonymously host hacked files. According to a company blog, VMWare has said a “single file” from their ESX source code had been leaked and posted to Pastebin. The company also went on to say the source code is 8-9 years old.

Lain Mulholland, director of VMware’s security response center said the source code was publicly posted on Monday and said more code could be posted in the future.

“The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMWare customers,” Mulholland noted in the company’s blog.

“VMWare proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today.”

VMWare is pointing the finger at LulzSec hacker “Hardcore Charlie” as the culprit of the source code leak. It appears Charlie wasn’t looking for the code specifically, however. In March, Charlie had attacked a Chinese import-export company, the China National Electronics Import-Export Corporation (CEIEC). During these attacks, Charlie had copied a terabyte of data from the CEIC’s database. According to The Guardian, anti-virus company Kaspersky Lab had engaged in an IRC chat with Charlie, wherein the hacker claimed to have 300 MB of VMWare’s source code.

This chain of events suggests that the CEIEC had the source code originally. Other documents have leaked online which show what appear to be internal VMWare documents on CEIEC letterhead.

When asked why he was trying to hack into the CEIEC database, Charlie said he was trying to find information about the US involvement in Afghanistan. According to The Guardian, Charlie claims to not have strong political affiliations, but was concerned the CEIEC had access to internal documents about the US involvement.

Charlie told Kaspersky he was able to break into the CEIEC after targeting email hosting firm Sina.com. Once he and his partner, known as YamaTough, stole hundreds of thousands of credentials, they were able to crack specific accounts which they found interesting. Some of these accounts belonged to workers at the CEIEC. With this information, Charlie and Tough were able to steal a terabyte worth of data.