Saturday, October 16, 2021

SitePoint, a Webdev tutorials site, discloses data breach

Must Read

Brazil is creating a cyberattack response network

Brazil is creating a cyberattack response network to promote rapid response to cyber threats and vulnerability through coordination between...

Attackers Targeting Unpatched Exchange Servers With DearCry Ransomware

Ransomware attackers are now targeting Exchange servers that haven’t received the patches that Microsoft released last week.According to the...

Attackers abusing website’s contact form to deliver malware

Microsoft is warning businesses to beware of cybercriminals using company website contact forms to deliver the IcedID info-stealing banking trojan in...

The SitePoint web developers community has disclosed a data breach after one million user credentials were sold on a forum, eventually leaked for free in hacker forum.

SitePoint is a website launched in 1999 that offers content and a community devoted to web professionals and developers.

The site offers a premium membership that provides access to over 600 books, courses, and talks.

SitePoint admits security breach this week in emails sent to some of its users.

On January 26th, 2021, a threat actor known as ShinyHunters shared the database for Learnable.com for free on a hacker forum. The learnable.com redirects to the Sitepoint.com domain.

This database contains 1,020,959 people, including members’ names, email addresses, bcrypt hashed passwords, date of birth, country, IP address used during registration, and other information.

The company also said a statement, “At this point, we believe the accessed information mainly relates to your name, email address, hashed password, username, and IP address.”

SitePoint Sent emails of the data breach.

SitePoint disclosed a data breach where they confirm that threat actors hacked their systems and stole member data in an email sent to users.
“We have recently confirmed that a third party breached SitePoint’s infrastructure, and some non-sensitive customer data was accessed as part of this attack.”

“As a precautionary measure, while we continue to investigate, we have reset passwords on all accounts and increased our required length to 10 characters. Next time you log in to SitePoint, you will need to create a new password,” SitePoint states in a data breach notification.

SitePoint said that based on the current situation, the breach occurred after the attackers gained access to “a third-party tool they used to monitor their GitHub account.”

“This allowed access through our codebase into our systems. This tool has since been removed, all of our API keys rotated, and passwords changed,” the company said.

While SitePoint doesn’t mention this tool by name, it is most likely referring to a tool from Git analytics service Waydev, which disclosed a security breach last summer.

This same tool was also used to breach custom apparel vendor Teespring, whose data was also sold by the same hacker, in the same package simultaneously as the SitePoint data.

SitePoint has now initiated a password reset on all accounts and asks users to choose new ones that are at least ten characters long.

The tutorials and books publisher believes that the stolen passwords are currently safe, as they have been hashed with the bcrypt algorithm and salted, which should make cracking the password strings to its plaintext version a pretty lengthy process for the time being.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

More Articles Like This