A hacking group is claiming to have breached the networks of Warner Bros. and China Telecom, releasing documents and publishing login credentials.
Swagger Security, or “SwaggSec,” announced the breach Sunday on Pastebin, providing a link to the files on The Pirate Bay. The group has been active since early this year when it claimed credit for stealing user names and passwords for an ordering system belonging to the contract manufacturer Foxconn, which builds devices for technology companies including Apple.
SwaggSec said the China Telecom data is 900 user names and passwords for administrators on the company’s network. The information was obtained through an insecure SQL server, SwaggSec said in its post. The group said it notified China Telecom of the hack by planting a message in the company’s network. The SQL server was moved but not fixed.
“Fortunately for them, we did not destroy their infrastructure and rendered millions of customers without communication,” SwaggSec said in a note accompanying the data.
The Warner Bros. data includes a report marked “confidential” and titled “Content Security Status Update” dated the week ending April 27. It is an evaluation of the company’s websites, including the top 10 sites with the most open medium-risk vulnerabilities. It also lists the top 10 medium to high-risk vulnerabilities on its networks, with the top two being cross-site scripting and unsupported SSL.
If accurate, the data would provide a would-be hacker a strong start to begin probing Warner Bros. websites. The bundle of data included other documents, some of which are dated 2007.
“Warner Bros.’ also approaches the same technique of confidentiality and ignorance when it comes to their own security vulnerabilities,” SwaggSec said. “When we hacked their intranet, we were surprised to see their IT department’s well documented ‘confidential’ data about the ‘critical vulnerabilities’ on their servers and sites. However, their IT department’s ignorance to fix any of the vulnerabilities they were aware about granted us complete access to their servers.”
The group continued to taunt Warner Bros. on Twitter later on Sunday writing, “So Warner Bros you going to fix your vulns now that we’ve hacked you?”
Efforts to reach Warner Bros. were not immediately successful. China Telecom officials did not have an immediate comment.
Send news tips and comments to jeremy_kirk@idg.com