TopTV website gets hacked

jes

jes

MyBroadband Alumnus
Joined
Nov 11, 2009
Messages
11,992
Reaction score
123
TopTV website gets hacked

TopTV’s website has been hacked, raising questions about potentially sensitive information landing in the hands of the hackers
 
Sodan said:
So was any sensitive information (e.g. customer details) leaked or not?
Click to expand...

I would also like to know the answer to that question but I think the answer is probably yes considering that their contact us page is not yet operational and that a database was most likely compromised:
 

Attachments

  • Screenshot from 2013-01-02 09:50:05.png
    Screenshot from 2013-01-02 09:50:05.png
    86.9 KB · Views: 357
j4ck455 said:
I would also like to know the answer to that question but I think the answer is probably yes considering that their contact us page is not yet operational and that a database was most likely compromised:
Click to expand...

Most scrip kiddie hacks make use of contact us template pages for SQL injection, this then exposes the db belonging to the website. Generally this db contains basic info and not credit card details etc.
 
... and this is why you don't use old open source CMS products that may have vulnerabilities!

These websites most likely only contained information that aren't sensitive at all.
 
Pada said:
... and this is why you don't use old open source CMS products that may have vulnerabilities!

These websites most likely only contained information that aren't sensitive at all.
Click to expand...

+1 to both points
 
Pada said:
... and this is why you don't use old open source CMS products that may have vulnerabilities!
Click to expand...

Let me correct you, this is why you dont use any old customer facing products that have vulnerabilities.
 
PG Glass is still screwed up.

Guess who is still on holiday? :)
 
Pada said:
... and this is why you don't use old open source CMS products that may have vulnerabilities!

These websites most likely only contained information that aren't sensitive at all.
Click to expand...

Has nothing to do with Open Source products, but everything to do with poor security management. You could have the best closed source product deployed but you could still have vulnerabilities in your control panel, your web server, your SQL database, your FTP, etc
 
cbrunsdonza said:
Has nothing to do with Open Source products, but everything to do with poor security management. You could have the best closed source product deployed but you could still have vulnerabilities in your control panel, your web server, your SQL database, your FTP, etc
Click to expand...
Yeah, just look at windows!
 
cbrunsdonza said:
[highlight]Has nothing to do with Open Source products, but everything to do with poor security management.[/highlight] You could have the best closed source product deployed but you could still have vulnerabilities in your control panel, your web server, your SQL database, your FTP, etc
Click to expand...

Exactly :)

Ipwn 4 said:
Most scrip kiddie hacks make use of contact us template pages for SQL injection, this then exposes the db belonging to the website. Generally this db contains basic info and not credit card details etc.
Click to expand...

I don't know about you but I consider any and all of my personal details (including name and contact details) to be sensitive information whereas I consider my ID number, credit card and other banking details to be even more privileged than my contacts details.

IMHO there should be no reason for storing customer contact details in a database that is accessible from a webserver via the Internet, a contact us form should collect and relay the data to an internal server but never store the data at the point of collection.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X