CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 18th, 2011

European Space Agency Website ESA.int Hacked, FTP And Email Passwords Leaked

The website of the European Space Agency (ESA) has been hacked, and a list of FTP accounts, as well as email addresses and passwords for administrators and editors, has been leaked. The www.esa.int Web server was compromised by a well-known Romanian grey hat hacker who uses the online moniker TinKode.

The hacker posted details of the compromise on his blog in full-disclosure style. However, the method he used was not revealed. The published data includes FTP accounts for a range of ESA subsites with passwords in clear text. A list of database users with hashed passwords was also disclosed, together with the SHA1-hashed server root password.

The site administrator and editor credentials were exposed in plain text, as well as email addresses and passwords corresponding to website user accounts. The passwords are in readable form, but TinKode took the measure of partially hiding them before publishing. There is also a list of associated proxy user names and passwords.

At the time of writing, the www.esa.int website remains online, so it is not clear whether the agency was alerted to the compromise in advance. TinKode is known for exposing vulnerabilities in high-profile websites, the latest of which was an SQL injection in MySQL.com.

His past targets include Sun Microsystems (now Oracle), the Royal Navy, the U.S. Army and Kaspersky Portugal. ESA is not even TinKode’s first space agency; the hacker previously compromised several NASA websites.

His full-disclosure style can sometimes lead to abuse. For example, an XSS vulnerability he revealed in YouTube’s commenting system went on to be exploited by 4chan users to harass Justin Bieber fans.

Credit: Softpedia.com News
