Forbes Data Breach Impacts Over 1 Millions Accounts

Today The Syrian Electronic army via their Twitter account @Official_SEA16 announced that they have leaked the Forbes WordPress user database not long after it was announced that they had managed to hack their website.

Eduard Kovacs from Softpedia has stated that the leak has a been uploaded to an IP address (91.227.222.39) which was also used last year in a defacement on http://marines.com/ as well.

This breach is quite substantial and includes 1,056,986 unique emails addresses and accounts with 844 of them being government (.GOV) and 14,572 educational accounts (.EDU). In addition, the dump contains credentials from a Forbes wp_users database and contains 564 Forbes.com based emails including administrators accounts.

Forbes has posted a statement to their Facebook page regarding the breach urging all users to reset their password on the Forbes network and on any other sites they may have used the same credentials.

Security message: Forbes.com was targeted in a digital attack and our publishing platform was compromised. Users’ email addresses may have been exposed. The passwords were encrypted, but as a precaution, we strongly encourage Forbes readers and contributors to change their passwords on our system, and encourage them to change them on other websites if they use the same password elsewhere. We have notified law enforcement. We take this matter very seriously and apologize to the members of our community for this breach.

As Eduard points out that although the passwords are encrypted, the email addresses are still very useful. In addition, it is not clear the type of the encryption used and there is still a potential that they can easily be decrypted. It is clear that this breach has the potential to pose a significant risk for many of their users.

Breakout of just a few type of email domains:
844 .GOV
14,572 .EDU
91,464 hotmail.com
3,460 mac.com
185, 271 yahoo.com
407,787 gmail.com
25,050 aol.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: