Attackers Go Gaga Over Latest Hack

A group of hackers have plundered singer and musician Lady Gaga’s Website and made off with details of thousands of her fans.

The Swagger Security (SwagSec) attackers seem to be starstruck and have recently been concentrating on music sites – this is the fourth such attack in a month. Other targets include Amy Winehouse, Lauren Pritchard and Justin Bieber. The group has also threatened to raid the Klaxons and will continue until they get a mention on a track recorded by rapper Lil B.

“To Lil B: we lovin the new Bill Bellamy [track] (much swag) but where the shouts? All we asking for iz a Lil SwagSec mention on a track (at least respond to our DMS mane). We gonna keep steedy on our grind till we get them shouts and gonna be cookin up more releases n rackin up more felonies in da future,” they wrote in a Pastebin post.

SQL To Other Great Hits

Researchers at Imperva’s Application Defence Centre (ADC) have found a forum post where a hacker claims it was his SQL injection that led to the breach.

“When it comes to hacking, even in the entertainment world, data is king,” said Rob Rachwald, director of security strategy at Imperva, “Although nothing financial may have been taken, it’s a safe bet that Lady Gaga fans are getting fraudulent email messages offering exclusive Lady Gaga videos, pictures and music. But instead, they’re clicking on malware and becoming part of a bot army.”

SwagSec, which claims to be a pro-gay organisation, stole names and email addresses from fans’ accounts on June 27. Universal Music, which manages the site, claims that all the affected people have been notified and say that no financial information or passwords were involved. They added that the site has now been secured.

The hackers claim that Lady Gaga is anti-homosexual but she has voiced support for the lesbian, gay, bisexual and transgender (LGBT) communities. Whether Lil B will comply with their request for recognition is in doubt.

Lady Gaga herself has made no mention of, or offered no apology for, the hack either on the Website or in her Twitter feed. This rankles Graham Cluley, senior technology consultant at Sophos. In his Naked Security blog he said, “Although it’s right that the authorities should be informed regarding SwagSec’s illegal activities, there should surely be some recognition at Gaga HQ that perhaps the website was doing a lousy job at securing its fans’ information?”

Considering it is her fanbase that may be affected and, later, infected, the silence is a disservice to their support, Cluley said.

“The risk to users who had their details compromised, of course, is that they could have been the subject of targeted attacks,” Cluley warned. “Imagine how many of them might have opened an attachment or clicked on a link if they received an email claiming to be about free tickets for a Lady Gaga concert, or a sneak preview of her new video.”