
R00tbeer Hackers Hit Philips

Following their AMD blog hack on Sunday, the r00tbeer hacker group has hit a new target – Dutch electronics manufacturer Philips.

The group has stolen and posted online several Philips.com databases containing almost 200,000 email addresses, accompanied by a mix of customer records including names, postal addresses, birthdays, phone numbers and passwords – some of them stored in plain text.

At the time of publication, Philips had not responded to a request for comment.

Out of salt

R00tbeer seems to be a new player on the scene. The group opened a Twitter account on 18 August and had assembled 396 followers at the time this story was published. Their first target was the user database of thebotnet.com forums, a community with over 96,000 members. After posting the database online on Sunday, r00tbeer promised their next target would be “a large company.”

The victim they chose was AMD, and its news website blogs.amd.com. The hackers stole and dumped the database containing the details of 190 internal accounts, including information on usernames, email addresses, hashed passwords and, in some cases, full names of AMD staff. No customer details appeared to be compromised. Two days after the hack, AMD blogs still remain offline.

On Monday evening, the group announced they hacked another website, belonging to Philips. In the attack, r00tbeer stole seven SQL tables containing customer details and a separate file with over 197,000 email addresses.

According to InfoSecurity magazine, more than 350 email addresses and passwords of Italian customers who had purchased Philips flat-screen TVs a few years ago were posted in plain text.

In one of the databases, the passwords were hashed, but not “salted”, making the protection a lot less secure. Using a single CPU on a three-year-old laptop, Sophos security blogger Paul Ducklin recovered 139 out of 375 unique password hashes contained in that particular database, in just two minutes.

According to Ducklin, Philips has to take the blame for two mistakes. First, the passwords shouldn’t have been accessible in the first place. But even if passwords are leaked, there are ways to make them less useful to cybercrooks. That’s where Philips made its second mistake: the passwords shouldn’t have been stored unsalted or, even worse, in plain text.
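The difference between the unsalted storage criticised above and a salted scheme can be seen in a short added example; it is not part of the original article or of Ducklin's analysis. The sample accounts are constructed, and the choice of SHA-256 for the weak scheme and PBKDF2-HMAC-SHA256 with 200,000 iterations for the hardened one are assumptions, since the article does not name the algorithm Philips used.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not from the leak); the passwords echo the weak
# choices the article mentions.
ACCOUNTS = [("anna", "philips"), ("bruno", "qwerty"), ("carla", "philips"),
            ("dario", "1234"), ("elena", "philips")]

def unsalted(password: str) -> str:
    """Weak scheme: one fast, unsalted hash (SHA-256 is an assumption here)."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted(password: str, iterations: int = 200_000) -> str:
    """Hardened scheme: per-user random salt plus a slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    _, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def shared_hashes(records: list[str]) -> int:
    """Audit check: number of accounts whose stored value equals another's.
    A non-zero result means equal passwords are visible as equal hashes."""
    counts = Counter(records)
    return sum(n for n in counts.values() if n > 1)

def audit() -> dict:
    weak = [unsalted(p) for _, p in ACCOUNTS]
    strong = [salted(p) for _, p in ACCOUNTS]
    return {"unsalted_shared": shared_hashes(weak),
            "salted_shared": shared_hashes(strong),
            "verify_ok": verify("philips", strong[0]),
            "verify_bad": verify("qwerty", strong[0])}

if __name__ == "__main__":
    print(audit())
```

With unsalted hashes, the three accounts that chose the same password store the same value, so one recovered password exposes all of them; with a per-user salt every record is distinct and each must be attacked separately at the cost of the slow KDF.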

“By leaking passwords, you may give away personal information beyond the scope of the user and the data you’re protecting,” writes Ducklin. The researcher has also criticised the choices of user passwords, with plenty of old favourites in the list, such as “1234”, “password” and “qwerty”. The very obvious “philips” made five appearances in the leaked databases.

Not one to rest on its laurels, several hours after attacking Philips, r00tbeer hit the UK student community thestudentroom.co.uk.

The resulting database dump was 82 MB in size, but its exact contents are not known, since the file was promptly deleted by the hosting company Mediafire.

Despite its frenzied activity, r00tbeer hasn’t managed to cause too much harm. If the group continues to hit websites at this rate, it might actually serve as a wake-up call to companies like Tesco, which continue to ignore best security practices.

UPDATE: Philips has posted the following statement on its website: “We immediately investigated and, at this time, all indications are that the information posted today is identical to the information accessed earlier this year when data was stolen from Philips websites. We continue our investigation into the events of today and will update as appropriate.

“As previously communicated, the event of earlier this year related to some of Philips’ internet micro-sites, which are small websites used for campaigns and marketing promotions. On February 13, Philips immediately disabled the affected sites and it initiated an investigation eventually including third-party data security experts, Philips experts and law enforcement. After an extensive investigation, Philips concluded its probe into the security issue in April and has taken steps to improve security to protect our valued customers’ data against future criminal activity.”


Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.
