In what is slowly turning into a endless loop of hacktivism activities,
Bill O’Reilly’s BillOreilly.com has been compromised during the weekend, with personal details including passwords in plain text for 205 of the site’s members already leaking across Internet forums, as a response to his remarks regarding Wikileaks as a “one of those despicable, slimy, scummy websites” which recently published private information of Sarah Palin’s private email.
On Friday, Wikileaks issued the following press release :
“Fox News demagogue, Bill O’Reilly, has been hacked and the details passed to Wikileaks. Wikileaks has been informed the hack was a response to the pundit’s scurrilous attacks over the Sarah Palin’s email story–including on Wikileaks and other members of the press, Hacktivists, thumbing their noses at the pundit, took control of O’Reilly’s main site, BillOReilly.com. According to our source, the security protecting O’Reilly’s site and subscribers was “non-existent”.
The following image, submitted to Wikileaks and confirmed by Wikileaks staff, offers proof of the hack. The image, clearly obtained from BillOreilly.com’s administrative interface, shows a detailed list — including passwords — of BillOreilly.com subscribers. Although Wikileaks has only released one page, it must be assumed that Bill O’Reilly’s entire subscriber list is, as of now, in the public domain.”How did they do it “this time”?
According to the article at Wikileaks, the hacktivists seem to have been brute forcing the URL for the administration panel, and once successfully finding it, access the unencrypted data :
“According to Marston, the hackers were able to access the list by trying a large number of variations of the website’s administrative URL. He said all affected members have received an email and a phone call informing them of the breach and urging them to change their password. The site has since been completely locked down, Marston said.”<snip>
http://blogs.zdnet.com/security/?p=1958