Giving another hit to the online security, a hacktivist group lacerated ITWallStreet.com, exposing nearly 50,000 user accounts, including names, mailing and e-mail addresses, usernames, hashed passwords, phone numbers, and salary information. The attacker, who belongs to “MidasBank is in alliance with TeamGhostShell”, hacked the IT job board of the Wall Street on Wednesday, and released the compromised data saying that the attack was from an economical point of view, institutional and educational, but primary, it will focus on the financial aspect of things.
“With that being said, what better target to pick as a first release, than the place that puts all markets to shame in the world. Wall Street. IT Wall Street owned. Around 50.000 accounts compromised. The list contains both current, past, and rejected IT personal from Wall Street. The information is as detailed as ever with many other surprises in it. Please, enjoy.”
Besides the user account information, some interesting information also came out (no pun intended!) from the realm of Wall Street. This included the client information for ITWallStreet.com, listing such firms as NASDAQ, Dow Jones, Wachovia, Goldman Sachs, and Morgan Stanley. Some other files revealed thousands of phone call records apparently between recruiters and candidates, list of references supplied by the candidates, several published email exchanges referred to candidates who applied for vice-president level positions at Wall Street firms. Also revealed were the salary expectations of job candidates, which ranged from $40,000 to more than $400,000 right from the entry-level IT professionals to senior technology executives.
While this information may sound interesting to some, the evil part is that Masakaki claimed to have more than 3,000 resumes that will be trades on the black market. This might leave sensitive and personal information of users in unwanted hands, leaving them in jeopardy.
Another prominent incident of data security breach is of Yahoo Voice, where hackers were able to acquire more than 400,000 unencrypted passwords. The acquired data was then posted in the hacker site D33D Company. Aside from posting some 453,000 login credentials were made viewable by the public. Besides, we saw another data breach at Epsilon’s end that exposed the email addresses and names of customers from several large retailers and financial institutions, including Chase Bank, Best Buy, TiVo, Disney, Kroger and more.
Though security breach is bad in itself, exposing user information publicly is even more harmful. It not only causes inconvenience to the victims, but also puts their privacy at risk. We all have been taught to use strong passwords, but most people really don’t care about it. Neither do the organizations, who put their users at risk, conveniently handling their personal information in the hands of hackers. Data breach at ITWallStreet.com is yet another reminder for them to focus on their online security and give it a serious thought.