In May of this year, sophisticated attackers breached a large Internet hosting provider and gained access to internal administrative systems. The attackers appear to have been after customer record information such as usernames, emails, and passwords.
While these internal administrative systems had access to customer records, discovery of the attack and certain security implementations mitigated the scope of the breach. Customer passwords were accessible, but these passwords were hashed and salted making mass password cracking difficult. Customer financial information was also accessible, but encrypted. Unfortunately, access to the encryption key cannot be ruled out.
While breaches of organizations and mass customer record dumps are posted almost daily, this particular attack was more sophisticated than we have seen in the past.
Learn more:
- http://www.scoop.it/t/securite-pc-et-internet/?tag=Linux