View full report of this leak here
Today a hacker who uses the handle @AgentCorporatio has just announced a leak of data from Iceland’s official Vodafone server and site (vodafone.is).
The leak has been announced from twitter just a short time ago and it has also resulted in a defacement of the main websites page and various other sub domains including the mobile site.
The leaked data has been uploaded to speedy share and comes as a compressed 61.7MB rar file which is locked with password TURKISH. when uncompressed it contains the following files.
The users.sql file appears to contains the 77,000 user accounts with user names, encrypted passwords as well as other encrypted information. here
At time of publishing defaces had been removed. see them here.
Report:
Earlier today the official Vodafone Iceland was breached, left defaced and a heap of data leaked from its servers. This report breaks down the contents of each of the files which contains over 70,000 user personal details as well as a heap fo administrator details and Icelandic equivalent of social security numbers.
The leak comes from @AgentCoOfficial or otherwise known as Maxn3y who in the past has leaked data from electronic giants, fast food company’s, American city’s and even airports.
File break down to file name, with notable table row names listed as well as counts of personal information located in each file. the MySQL file greind.sql appears to have a small log of sms history that’s dated 2011 as well as a sms logger.
SQL files
v2.sqlMulti media database, nothing critical, 400K of user tracking and logging with user agents, refers etc.
greind.sql
sms history with what appears to be full text messages to a from numbers with timestamps, all dated 2011-08-19
SMS logger sender id, sms id, user ip, date.
900k rows of user contact details related to a SMS plan.
users.sql
user names, ids, encrypted passwords, email addresses, social security numbers, dates, bank details (alot is incomplete)
77,25
sso_vodafone.sql
account managers details
full names, phone numbers, email addresses.
sms_history.sql and signup.sql explained above.
XLS files
6stodvar_signup.xlskennitala (social security numbers), dates, ticket numbers, campaign ids(unknown campaign), email addresses
count: 23,494
100mb_pakkar,xls
id, code(unknown), msisdn, sms, timestamp(ts)
count: 1001
aukalykill_signup.xls
id, full name (nafn), kennitala(ssn), pnr, confirmed, date, ticket, email, senda, recivier.
count: 4305
env_users.xls
id, ipaddresses, user name, encrypted passwords, email addresses, first name, last name, phone, fax, reg date, last active, user level, notes
count: 334
ev_users.xls
id, school. login. clear text passwords, names, isadmin, active
count: 18
gagnamaga_account.xls
id, timestamp, ip, session id, social security numbers, email addresses
count: 1491
registeration.xls
id, phone, social security numbers, email addresses, tickets id, registration status, date, ip
count: 1247
ris_site_users.xls
user names, clear text passwords, names, email addresses and permissions
count: 12
shop_order.xls
cart_id, names, social security numbers, post codes, email addresses, credit card names, nulled credit card numbers and dates, sale amounts.
count: 3086
signup_buika.xls
real name, email addresses, company’s, chairman name.
count: 31
survey_registration.xls
id, content, date, email addresses
count: 1929
um_clients.xls
usernames,clear text passwords, active, company’s, full addresses, contact numbers, websites, nulled locations.
count: 767
vodafonecup2010
user names, 5x full names, phone numbers, social security numbers
count: 71
ris_world_zones.xls
names, partner countrys, to iceland (nothing important)
count: 10
shop_cart.xls
session id and details encrypted, (nothing important)
count: 49, 468
shop_cart_items.xls
file name says all, nothing of importance here.
shop_cart_plan
file name says all, nothing of importance here.
0 komentar:
Post a Comment