Peggle Crew speaks out on hard drive nuke stunt
5 Aug 2016 at 18:21, Shaun Nichols The hacking group credited for compromising FossHub and briefly infecting downloads of Audacity and Classic Shell says the fallout from the website's insecurity could have been far worse had they not got there first.
In a conversation with El Reg, a member of the Peggle Crew group said the security breach – in which the FossHub accounts for both Audacity and Classic Shell were compromised and used to spread a few hundred copies of a new piece of Master Boot Record (MBR) nuking malware – was, in fact, a relatively simple matter.
We're told that in late July, the miscreants easily found an internet-facing service that was not password-protected. This contained all the source code and passwords they needed to obtain deeper access to FossHub's production and mirror systems as well as its caching servers via FTP, the crew said. They were able to grab the accounts database of developers who upload files to FossHub; the passwords were not salted, apparently.
Full Article
