Popular Boxee.tv, the portable home theater, has been attacked leading to hackers leaking the Boxee.tv database. The Boxee.tv data breach comprised over 158,000 user accounts.
Risk Based Security published a report analyzing the recent cyber attack launched against Samsung’s, Boxee.tv. Hacker going by, ProbablyOnion, has taken credit for uploading the customer database online, around March 10th. Cyber criminals hacked Boxee’s database just as the company was begin integrated into Samsung, after begin a private company of over six years.
ProbablyOnion says his motive was to “mostly to make fun of samsung, and whatnot. Plus, really, they’re running unsecure software and I’m still sitting with a backdoor on it, so really, they’ve learned nothing”. It appears ProbablyOnion is demonstrating that large corporations are still vulnerable to cyber attacks.
A private forum announced the leak and the database has been uploaded to a TOR service in a raw SQL dump extraction. The data breach, or database leak, totals 792MB, a little under a one gigabyte, and contains 192 tables. The hacker alleged to obtained the tables through an SQL injection.
The leaked data base contains 158,128 user accounts, many leaked accounts have been ban according to a field in one of the user tables. Included in the data breach, the dump contained 172,234 email addresses, from 17,653 different email providers. Nearly 5,500 email addresses include high profile electronic and telecommunication companies, while another 77,061 accounts are from Google’s Gmail service.
Included in the data breach are user’s encrypted passwords, password change dates, group ID’s, date of birth, IP addresses, Boxee site activity, and full personal message history, Risk Based Security reported. To continue, passwords were apparently salted hashes that are easily cracked, sources report. Lastly, any messages sent throughout the services are now public, regardless of its contents.
After the data breach, the hacker defaced the Boxee forum and published, cyber security analyst, Brian Krebs, personal information on the homepage.
Cyber Security analysts have published an indecent report for Boxee on datalossdb.org. The Boxee.tv data breach happened just as the company was integrating into Samsung, pretty bad timing for both companies cyber security.