Security experts at Hold Security discovered that after Ashley Madison,97 more have been targeted by Russian hackers. The long list of breached websites includes also employment related portal
Batch Bunches of stolen data were found on a server by the organization’s examiners, said Alex Holden, Hold Security’s founder and CTO. None of the dating website are as popular as Ashley Madison, which saw sensitive organization data, messages, internal records of 30 million enlisted clients discharged in a staggering information break.As per sources these hack has no links with Impact Team, who is behind the ashley madison hack
The data breached due to product vulnerabilities, alongside a few notes written in Russian, said Holden, a local Russian speaker. The majority of the sites were breached subsequent to July 4 through around a week prior it, he said.
IDG News Service has seen the full list but is not identifying the websites. Hold Security comes across such stolen data repositories frequently in their research, but it doesn’t have the resources to contact every company named.
In numerous occurrences, Holden said his examiners have affirmed the product vulnerabilities asserted by the hackers.
Many of the sites appear to have database vulnerability that if exploited give hackers the ability to access other information stored in the systems. Those vulnerabilities are known as SQL injection flaws.
The hackers essentially “are doing what security auditors would,” by externally probing websites for weaknesses, he said.Hackers have large list of data including username and password but it doesn't appear that hackers have tried to sell the data
Hold Security specializes in informing companies when company data is available in underground markets. Information related to some of Hold Security’s clients have turned up in this latest batch.
Companies are basically concerned that their employees may use the same password for all the web services.
Although security experts advise across it, many people re-use passwords over many websites, which is unsafe if one gets hacked.It’s not clear what the hackers planning to do with this data. It doesn’t appear that they’ve stolen more sensitive data on registered users, as was the case with Ashley Madison, where sensitive profile information was dumped, including birth dates, dating preferences and GPS data.“These hackers don’t know how to monetize the data, so they steal things that they can monetize,” Holden said.
As per holden,hackers can also use the vulnerability to perform Ddos attack,which brings the website down.They can also demand ransom amount for decrypting the data.
It doesn’t appear these hackers have the same agenda as the Impact Team, Holden said. Impact Team appeared to have a very personal agenda, frequently mentioning Avid Life Media’s former CEO, Noel Biderman, who left the company on Friday.