r00tbeer strikes again - twice

r00tbeer announces the exploits on his Twitter feed. Early yesterday evening (BST) he said, “http://www.philips.com  Database dumps - http://www.mediafire.com/?x8e42upwm25ap4f … includes 197,000+ emails. RT/Share. #r00tbeersec.”

Around midnight he announced, “http://TheStudentRoom.co.uk  hacked. Users dump can be found at http://www.mediafire.com/?esp9r8pbb4ghs20 … @studentroom @TheHackerNews @SoftPedia.”

These hacks are potentially more damaging than the earlier ones. Like AMD, the Philips hack is quite small; but unlike AMD the passwords were not encrypted. Upwards of 350 email addresses and passwords of Italian customers who had purchased Philips flat-screen TVs a few years ago were posted in plain text. Other details, such as the email addresses, names, postal addresses, birthdays and phone numbers of about 300 Philips customers from Scandinavia and Finland were also dumped. While no passwords were included here, it opens the possibility of future social engineering attacks against these customers.

Less is currently known about the Student Room dump. At the time of writing, there is no information about the hack on The Student Room site (nor anything on the Philips site). Mediafire has removed both dumps. EHN reports that the Student Room dump was about 82 MB in size; but we may have to wait for further analysis from researchers – or indeed from r00tbeer or other hackers – who got hold of the data while it was available on Mediafire.

The proceeds of the r00otbeer hacks have so far always been dumped on Mediafire. This is an intriguing choice, since Mediafire is quick to remove such files. At the time of writing this, none of the r00tbeer hacks are on the site. This doesn’t mean that other hackers who might want to make use of stolen details cannot do so, but the window for getting hold of the dumped files is quite small. If r00tbeer wanted the dumps to persist, there are many other destinations he could chose.

What’s hot on Infosecurity Magazine?