Monthly Archives: February, 2014

Over 822 Million Records Exposed In 2013

The Data Breach QuickView report was just released and is possible through the partnership and combined resources of Risk Based Security and the Open Security Foundation. It is designed to provide an executive level summary of the key findings from RBS’ analysis of 2013’s data breach incidents. You can view the announcement and report here.

Forbes Data Breach Impacts Over 1 Millions Accounts

Today The Syrian Electronic army via their Twitter account @Official_SEA16 announced that they have leaked the Forbes WordPress user database not long after it was announced that they had managed to hack their website.

Eduard Kovacs from Softpedia has stated that the leak has a been uploaded to an IP address (91.227.222.39) which was also used last year in a defacement on http://marines.com/ as well.

This breach is quite substantial and includes 1,056,986 unique emails addresses and accounts with 844 of them being government (.GOV) and 14,572 educational accounts (.EDU). In addition, the dump contains credentials from a Forbes wp_users database and contains 564 Forbes.com based emails including administrators accounts.

Forbes has posted a statement to their Facebook page regarding the breach urging all users to reset their password on the Forbes network and on any other sites they may have used the same credentials.

Security message: Forbes.com was targeted in a digital attack and our publishing platform was compromised. Users’ email addresses may have been exposed. The passwords were encrypted, but as a precaution, we strongly encourage Forbes readers and contributors to change their passwords on our system, and encourage them to change them on other websites if they use the same password elsewhere. We have notified law enforcement. We take this matter very seriously and apologize to the members of our community for this breach.

As Eduard points out that although the passwords are encrypted, the email addresses are still very useful. In addition, it is not clear the type of the encryption used and there is still a potential that they can easily be decrypted. It is clear that this breach has the potential to pose a significant risk for many of their users.

Breakout of just a few type of email domains:
844 .GOV
14,572 .EDU
91,464 hotmail.com
3,460 mac.com
185, 271 yahoo.com
407,787 gmail.com
25,050 aol.com