r00tbeer, a member of the hacking team, first announced on his Twitter feed yesterday that the team had hacked The Botnet (TBN), a popular forum where users discuss making money from the internet. “thebotnet.com/'s database. - https://www.dropbox.com/s/... RT/Share/Do whatever with it. #r00tbeersec” announced the hackers. TBN confirmed the hack. “Earlier today TBN was defaced... With this exploit they gained access to a sql file with a list of TBN with a list of usernames & various forum information including emails and hashed passwords,” it announced on site. “My recommendation is that you change your password immediately here on TBN. If you use your TBN password on any other sites with your registered email be sure to change those as well,” it continued.
Soon afterwards, r00tbeer’s next tweet said, “Our next target will be a large company. Stay tuned for the upcoming database dump. #r00tbeersec.” True to his word, the r00tbeer team followed this with another tweet: “#AMD - R.I.P http://blogs.amd.com , database will be released in few minutes. #r00tbeersec,” leading to AMD’s subsequent routine maintenance. The dumped database, however, was not large. “It’s a SQL database of 189 usernames and what look like PHPass-hashed passwords, apparently retrieved by foul means from AMD's WordPress-driven blog site,” said Sophos’ Paul Ducklin. “More of a hackette than a hack,” he added, “and no AMD customers need to panic, which is good news.”
r00tbeer’s damage to AMD would appear to be more reputational than severe. But Ducklin does make one interesting comment. “A few of the records also include an intriguing - but unexplained - field called user_activation_key. Whatever those are, it would be a good idea for AMD to deactivate them and issue new ones.” Perhaps these unexplained activation keys are the real reason for the AMD blog site being closed for maintenance.