Updated today 17:01.
Published today 16:48
One evening in the living room.
Video store chain Hemmakväll has suffered a serious hacking. The customer register of nearly 50,000 people, complete with encrypted passwords and personal data, is now open online.
Video store chain Hemmakväll has suffered a serious hacking. The customer register of nearly 50,000 people, complete with encrypted passwords and personal data, is now open online.
The customer register had entirely been published since Friday. But first, on Wednesday afternoon, then DN informed Hemmakväll, the company discovered what had happened.
Shortly after the site was closed temporarily down.
Ad:
The file is spread contains data on close to 50,000 customers who have registered on Hemmakvall.se. It includes full name, email address, street address, phone number and details of when the person signed up.
Moreover, where a password that is “hashed”, which can be likened to a encryption. But in earlier leaks have people who have come across the register immediately started trying to crack the encryption. When it is successful, the attacker over the correct password in clear text.
Among the email addresses of the leak are several belonging to the police, parliament, ministries, large municipalities and authorities that the Swedish Tax Agency and Social Insurance. Two of them belong to the Swedish armed forces, one of which belongs to a lieutenant colonel.
The leak exposes not email the password itself. But after similar databases have been hacked before has it been shown that many people use the same password to their professional email boxes to completely different sites. There is therefore a risk that the attacker uses leaks like these to intrude on people’s private and professional emails.
– I regret to confirm that our trading systems have been hacked. We really regret it, and we look seriously at it, says Jaana Thoren, Marketing Hemmakväll.
The intrusion reported to the police on Wednesday afternoon. Security hole in the software, e-commerce platform Magento who runs the site, should also have been rectified before it started again. The supplier must have discovered the security hole that hackers exploited recently.
– But unfortunately he we be chopped before it was discovered.
Jaana Thoren says that the encryption of the passwords is powerful and tone down the risk of that they be broken. But Hemmakväll will still take action.
– Because safety is so very important for us, we have begun work to change all the passwords, she says.
Hemmakväll operates over 100 video rental stores across the country. The company had sales last year 459 million crowns. The site has served as an e-commerce site for, among other things, purchased Hollywood films.
It is unclear who is behind the intrusion. Register disseminated via a website specializing in stolen information, which in its presentation says he is looking to make the public aware of the danger of leaks. But nothing suggests that the people who run the site would be behind the infringement itself.
It is also not known to what extent the attackers have begun to crack passwords. How complicated and time-consuming it is dependent on a number of factors, how advanced the password selected by the user, the computer capacity attacker has access to and how well-designed Home Evening systems.
No comments:
Post a Comment