Just a few days back we posted about Yahoo! Voices Hacked With SQL Injection – Passwords In Plaintext, and most recently it seems someone has been going after Nvidia pretty hard.
They have already had a few web properties hacked including their forum, the developer zone and their research site. The latest break in the news is a claim that the store has been hacked – they have suspended access whilst they investigate.
Graphics chip manufacturer Nvidia is investigating claims that hackers have compromised its online stores as part of a larger attack that affected several of its websites.
On Friday, a hacker group calling itself Team Apollo claimed that one of Nvidia’s online stores was compromised. As a result, the company suspended access to its Board Store and Gear Store websites.
“Nvidia is investigating whether the store sites were hacked,” Bea Longworth, Nvidia’s senior PR manager for EMEAI (Europe, Middle East, Africa, India), said Monday via email. “We don’t have any evidence that credit card data or customer lists have been put at risk, but we’re investigating.”
The news follows confirmed compromises of some of the company’s other websites last week. “Nvidia Forums, Nvidia Developer Zone and Nvidia Research were compromised in what appears to have been a breach by third parties seeking sensitive information,” Longworth said. On Thursday, Nvidia revealed that hackers had gained access to the Nvidia Forums database and stole usernames, email addresses, hashed passwords and user profile information.
We haven’t really discussed Nvidia much before and I dont recall them being a hacking target previously, we’ve only mentioned them in passing when it comes to tools and methods using graphics card chips for brute forcing like – CUDA-Multiforcer – GPU Powered High Performance Multihash Brute Forcer.
I imagine them having a store and carrying out transactions online puts them in the firing range though, when there’s money or credit card details involved – the bad guys will come.
On the same day, the company also took its Developer Zone and Nvidia Research websites offline over suspicions of compromise. Those suspicions were confirmed on Friday, when a hacker posted hashed passwords for a proportion of DevZone users on a public website.
Nvidia was not the only company forced to deal with data leaks that resulted from hacker attacks during the past week.
On Tuesday, the company operating Formspring, a website where users can post and answer questions, disabled its users’ passwords after 420,000 password hashes were posted on a forum. The company later confirmed that someone broke into one of its development servers and stole user account information from a production database.
On Thursday, a hacker group published a list of 450,000 log-in credentials that it claimed to have stolen from the database of an unnamed Yahoo service. Yahoo later confirmed that the log-in credentials were from its Yahoo! Contributor Network service.
Nvidia has taken the other compromised sites down and confirmed they were hacked, I wonder if the threat against the store is just bravado or someone genuinely has compromised it. There seems to be no proof of that at this point however.
There seems to have a been a real glut of these kind of attacks lately, I wonder if there’s a new vulnerability passing around the underground that no-one knows about in a common web language like PHP or in a common service like Apache or the recent MySQL bug.
I wouldn’t be surprised if a lot of these are due to this: MySQL 1 Liner Hack Gives Root Access Without Password.
Source: Network World
- OpenVAS 7 Released – Open Source Vulnerability Scanner
- Google Leaves Android Users Vulnerable To WebView Exploit
- pwntools – CTF Framework & Exploit Development Library
- The World’s Fastest MD5 Cracker – BarsWF
- Graphics Cards – The Next Big Thing for Password Cracking?
- TJX Employee Fired for Trying to Fix Things
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 228,864 views
- AJAX: Is your application secure enough? - 119,304 views
- eEye Launches 0-Day Exploit Tracker - 85,157 views