Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label 1923Turkz. Show all posts

@1923Turkz hits Jharkhand police website

*Update: 1923Turkz is one of the fake claimer.  We have confirmed the leak is fake one.


The attack was announced in his twitter account. He provided an anonpaste link that reportedly contains the database dump of the jhpolice.gov.in.


The leak includes login credentials of more than 20 accounts.  It contains the email addresses and passwords.  I'm not able to believe my eyes when i read the password list. All of them are using "123" as password.

Jharkhand police is the only police dept. in India that recently launched a facility for Responsible disclosure where bug hunters can safely report their vulnerability finding.

*Update*: The hacker didn't provide any valid POC that proves his claim.  It is more likely to be fake one.

Hacker @1923Turkz breached Federal University of Bahia website


*Update*:  @1923Turkz is fake claimer.  Sorry for this article.  Anyway, This article will be reference for his fake claim. 


A hacker known by his online name @1923Turkz has breached Federal University of Bahia website(ufba.br) - one of the Brazil University, located mainly in the city of Salvador, Bahia.

"Universidade Federal da Bahia DB Hacked http://www.anonpaste.me/anonpaste2/index.php?952af0b8ee517a5f#0i/g1qDaqpzAeg8PloenF3vKMbozGKlU2gSTIxlxw6Y= …" Hacker tweeted about the hack along with a link to the database dump.

The database dump contains hundreds of account details that include name, plain-text password and email address. I had a quick look at the password list, most of them are weak passwords.

We recommend the admin to find and fix the vulnerability and users are advised to change their password.

1923Turkz become more active in recent days and busy in dumping the database from the hacked websites.  Yesterday, he hacked into the Bangladesh Air force website.

Bangladesh Air Force Career website's database hacked by @1923Turkz

*Update*:  @1923Turkz is fake claimer.  Sorry for this article.  Anyway, This article will be reference for his fake claim.

A hacker has managed to gain access to the database server of the official career website of Bangladesh Air Force and leaked the accounts' login credentials.

 "Joinbangladeshairforce.mil.bd", serves as a portal for applying for Air Force, is reportedly breached by the hacker using the online name @1923Turkz.  The SQL injection vulnerability in the website gave him the opportunity to break in.

The database breach was announced in his twitter account along with the link to the accounts leak.

The leak include login credentials of 19 accounts that contains the email addresses that ends with 'army.mil.bd' and encrypted passwords.

Although the passwords are encrypted , it won't take much time for someone to crack the hash.  We have analyzed the leaked passwords and found most of the passwords are very weak passwords.

A simple google search reveals the decrypted passwords.  We just like to point out one of the worst password used : "password".  We recommend the Bangaldesh government to immediately fix the vulnerability and urge users to change their password.

Lomonosov Moscow State University and Imperial College London hacked by @1923Turkz

*Update*:  @1923Turkz is fake claimer.  Sorry for this article.  Anyway, This article will be reference for his fake claim.

A hacker from Turkey using twitter handle @1923Turkz has breached the Two University websites from Russia and United Kingdom.

The database servers belong to the Lomonosov Moscow State University(msu.ru) and Imperial College London(imperial.ac.uk) are breached by the hacker.

The Database-dump taken from the Lomonosov Moscow State University contains usernames, encrypted passwords and email addresses. It also includes the admin login credentials.

http://www.anonpaste.me/anonpaste2/index.php?2f4fcc3765679814#c+eRCx9jdbRZQzi2m/g45chIpsfsuMnnvX44Cfp/2Tg=


The dump said to be compromised from the Imperial college contains First &Last names, email addresses, phone numbers.  There is no password leaked in this dump.

http://www.anonpaste.me/anonpaste2/index.php?422670bd5aad422f#Yu0o6TXVsy5IeMI1uEGAAEppNPkRURbOjskwkKB9XcQ=