- Jul 22, 2014
Claim to have backdoored supplier to Woolworths' pub chain
Exclusive Hackers are claiming to have hacked Australian point-of-sale technology (PoS) company H&L Australia, and have been claiming to potential buyers that they had lifted its customer database. They were already offering it for sale for AU$22,000 ($16,580, £12,723) more than two months ago.
If indeed they have hacked into H&L, credit card data and personal information would potentially be at risk: the firm's clients include several major retailers.
The Register received information about an alleged breach at H&L Australia two weeks ago, plus the credentials required to access what was alleged to be an active backdoor on the company's network and an open public link to a large SQL database dump.
We immediately reported this to CERT Australia, which offers assistance to compromised businesses.
Our information came from Alex Holden, founder of US-based intelligence company Hold Security.
Holden has form disclosing large breaches and has significant access to underground crime forums. He provided The Register with a chat room exchange between two unnamed entities he says were buying and selling what was purported to be the "H&L Australia database".
The message thread spans almost four hours on 18 July. In it the hackers chat in broken but succinct English.
The exchange between the two was as follows:
11:23:53 seller: "htt p://URL. hlaustralia.c om. au. have shell"
11:25:00 buyer ok , also will need admin cp (control panel) and db (database)
11:25:11 buyer i will make deal about it when my guys comes online
...
14:52:29 buyer password of shell hlaustralia
14:52:33 seller admin
14:53:46 seller all site of hlaustralia.com.au on one server
14:54:21 buyer good
The shell and database – allegedly of H&L – were to be sold to the buyer for 27 Bitcoins on 27 July.
The apparent backdoor and claimed stolen database have since been removed. At no point did The Register access the alleged "backdoor" or the database.
We have made repeated requests for comment to H&L Australia, the first on September 13. The company has not responded directly to our questions, but in correspondence does not dispute the breach and indicates it is taking action to inform stakeholders about the situation.
If a theft took place, precisely what was stolen is uncertain, but Holden claims he's aware of a 14.1Gb database dump, purportedly from the company.
..more in the link above.
Hopefully all data was not in clear-text....