May 25, 2012

A Weekend of Hacker Attacks

Risk Management Monitor
Emily Holbrook
Risk and Insurance Management Society, Inc. (RIMS)
Tuesday, December 14, 2010
Communications, Media & Internet
All Federal / All International
Printer-friendly
Email this Article
Download PDF
Reprints & Permissions

Over the weekend, pharmacy giant Walgreens fell victim to a computer criminal that stole its email marketing list from a third party. The hacker then sent out realistic looking spam that asked people to enter their personal information into a web page controlled by hackers. Even worse, those customers that had opted out of receiving marketing emails from the drug store had their information stolen as well.

McDonald’s also experienced a data breach via a third party attack. Arc Worldwide is a company hired by McDonald’s to manage its promotional email campaigns. Arc Worldwide hired another company to actually send these promotional emails. It is that company, the name of which remains anonymous, that was the target of hackers. Though the stolen data did not contain sensitive information such as Social Security numbers or credit card information, it did contain names, phone numbers and physical addresses.

And lastly, Gawker media sites were targeted this weekend with hackers going after their more than one million commenters’ usernames and passwords. Those responsible for the attack, a group of hackers known as Gnosis, had a few words for Gawker.

“We went after Gawker because of their outright arrogance”—possibly towards the hacker community—”It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database. We have had access to all of their emails for a long time as well as most of their infrastructure powering the site. Gawkmedia has possibly the worst security I have ever seen. It is scary how poor it is. Their servers run horribly outdated kernel versions, their site is filled with numerous exploitable code and their database is publicly accessible.”

It’s hard to believe that in 2010 we are still seeing major corporations and media outlets continuously, though unintentionally for the most part, exposing sensitive information. Yes, many blame hackers for disrupting business, stealing personal information and even shutting down websites entirely. But one thing these hackers are not credited with is how they force these companies to adopt stricter web security. It would be tough to find a well-known company whose system was hacked and yet they did nothing to prevent such incidents in the future.

There’s a good and a bad to everything.

Risk Management Magazine and Risk Management Monitor. Copyright 2012 Risk and Insurance Management Society, Inc. All rights reserved.

About the Author

Emily Holbrook
Editor

Emily Holbrook is the editor of Risk Management magazine and the Risk Management Monitor blog.

www.rmmagazine.com
212-655-5915
www.rmmagazine.com

Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. NLR does not accept advertising from attorneys or law firms. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be an advertisement or a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.