Team GhostShell leak One Million Records From Over 100 Websites
Team GhostShell is claiming to hack into more than 100 corporate and public affairs websites. The list of websites include websites of major U.S. institutions, major banking institutions, accounts of politicians, Manufacturing firms. etc. Hackers have also leaked sensitive data taken from website online.
This group is said to be linked with popular activist group Anonymous. They also claimed that the data is also leaked to other hacker groups including its subsidiaries, MidasBank and OphiusLab. According to report published on Imperva, the dumps includes administrator login information, usernames and passwords, files and documents from a variety of content management systems and, most worrisome of all, a large amount of banking information, including credit histories and current standing information.
When we looked the dumped leaked online, we came to know that they used SQLmap tool. This is a hacking tool which is used to exploit SQL injection vulnerability from websites. It is hard to count how many data has been leaked but it seems that the record contains more than 30,000 users’ details. Most of the stolen content did not contain sensitive information. But admin and use login detail is more than enough sensitive.
The group called this operation ‘’ Project HellFire ’’ as a “Final Form of Protest this Summer Against the banks, politicians and For all Fallen Hackers This Year.” They also announced that this hacking attempt is only the beginning of their attack, the group will continue to co-ordinate with world’s most advanced and powerful hacker group, Anonymous for two more big attacks planned later this year.
According to statement by the GhostShell the attacked websites includes WallStreet, CIA Services, MIT, Consulting Firms, Political Advisors, Security Companies, Corporations, Weapon’s Dealers, Laboratories, Internet Hosting Services, Academics, Banks, Police Departments, Aviation, The Navy, Stocks Exchange, Bonds Exchange, Markets, Emirates Organizations, Various Businesses, Hedge Funds, Estate Agencies, Public Affairs, Robotics, etc.
“Team GhostShell’s final form of protest this summer against the banks, politicians and for all the fallen hackers this year. With the help of it’s sub-divisions, MidasBank & the newest branch, OphiusLab. One million accounts/records leaked. We are also letting everyone know that more releases, collaborations with Anonymous and other, plus two more projects are still scheduled for this fall and winter. It’s only the beginning,” They announced.
This attack has also shown the use of common and unsecure passwords. Most of the records used password ‘123456’. Every year we see this as most common password used online.