It seems like they have extracted the data in a .sql file. They have uploaded that file in anonfiles.com. The size of the dump is approximately 75MB.
The dump contains sensitive information including customer code, user id, password, organization name, email address and other details.
After analyzing the dump, we have found that there is two password fields in the database. One stores the password in SHA-1 format , the second one stores the same password in plain text(What?!).
The users has strong password by using combination of Special characters, numbers, Case difference but the site fails to apply the proper security.
Still, i'm wondering why they've stored the password in plain text while they saving the password in SHA-1. Did they failed to realize the proper security ?
"Among the users are domain accounts of all banks of Peru and computer security companies as well as universities recognized instuons government and national security system." The hackers said.(translated).
The hackers claimed that they have no malicious purposes, only prove that the security of Peru is void and should be corrected.
At the time of writing, The site displays "Maintenance Page. Please click here to redirect to the home page". We are not sure that the message is being displayed because of intrusion.
