The Next Web


Best Western Hotels security FAIL: 8 million cases of identity theft in biggest hack ever? (Updated)

robin Written on August 25, 2008 – 5:15 pm
Robin Wauters, Next web enthusiast & Plugg organizer

According to the Sunday Herald, an international criminal gang has pulled off one of the most audacious cyber-heists ever by stealing the identities of an estimated 8 million people - who have all been guests in at least one of the 1300 existing Best Western Hotels in the past 12 months - in a hacking raid that could ultimately net more than 3.5 billion euro in illegal funds.

A Sunday Herald investigation has discovered that late on Thursday night, a previously unknown Indian hacker successfully breached the IT defences of the Best Western Hotel group’s online booking system and sold details of how to access it through an underground network operated by the Russian mafia.

It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western’s 1312 continental hotels since 2007.

Update: Neville Hobson was kind enough to Twitter-point me to a statement issued by Best Western (PDF), wherein they claim the newspaper is being sensationalist, and that most of the facts presented in the article are inaccurate, exaggerated, unsubstantiated or false, although they fail to provide more insight as to what the extent of the damage really is.

Update 2: Best Western provided more feedback on the issue:

“We can confirm that on August 21, 2008, three separate attempts were made via a single log-on ID to access the same data from a single hotel. The hotel in question is the 107-room Best Western Hotel am Schloss Kopenick in Berlin, Germany, where a Trojan horse virus was detected by the hotel’s anti-virus software. The compromised log-in ID permitted access to reservations data for that property only. The log-in ID was immediately terminated, and the computer in question has been removed from use.”

The Sunday Herald alerted Best Western, who promptly closed the security breach on Friday afternoon, but experts fear that information seized in the raid is already being used to pursue a range of criminal strategies. Jacques Erasmus, an ex-hacker who now works for the computer security firm Prevx, has even been quoted saying “In the wrong hands, there’s enough data there to spark a major European crime wave.”

The stolen data included private information like home addresses, phone numbers, credit card details and place of employment.

The initial hacker succeeded in bypassing the system’s security software and placing a Trojan virus on one of the Best Western Hotel machines used for reservations. The next time a member of staff logged in, her username and password were collected and stored.

If you’ve stayed in a Best Western hotel at some point during the past year, you might want to consider hooking up with their customer service department to see what’s up. Use the number 0800 528-1238.

(Image courtesy of hiten mistry @ Flickr)


8000 New Followers on Twitter in One Day

Boris Written on August 10, 2008 – 12:03 pm
Boris Veldhuijzen van Zanten,

Last week Techcrunch reported about a possible vulnerability in Twitter which made it possible to force other people to start following you. A user named johng77536 tricked Twitter and got more than 7000 followers in one night. The hack was an obvious spam effort with only two posts in the account, both linking to a site called hotmoda.com. The account was swiftly deleted by Twitter and that seemed to be the end of it.

Now it appears that it is also possible to get more than 8000 followers in one day WITHOUT hacking Twitter. A fairly unknown blogger with Twitter username @manatee woke up on Friday morning and found 15619 follower requests waiting in her Twitter account. She accepted them all, and ended up with 8000+ followers within a few minutes. Considering she only had 5 followers the day before, this would count as a very sharp rise to fame.

Twitter seems to be aware of the issue but hasn’t closed the account, which seems to imply that this is more likely a bug than a hack. @manatee is quickly losing followers as people start to find out they have involuntarily started following her. Looking more closely at the blog and Twitter posts, it could also simply be the same hacker as before who worked just a little harder on looking like a real person instead of a spammer. There is no author listed at the blog or in the Twitter account, and the image of a young and beautiful blond woman could have easily been copied from somewhere.

For now @manatee IS still listed as one of the top 100 most popular people at Twitter, which is bound to attract some new followers. I have contacted Twitter and will add their official reply to this post as soon as I get it.

Feedburner hack: how to get 2500 subscribers overnight (video)

joop Written on August 4, 2008 – 6:03 pm
Joop Dorresteijn, Contributing editor

Established blogs like ReadWriteWeb and Techcrunch proudly show a Feedburner chicklet that displays the site’s popularity. But beware – since people are more likely to subscribe to a site with a larger number of readers, some sites manipulate the counter.

Every once in a while co-editor Patrick and I stumble on a shady-looking website with a ton of readers. That made us wonder whether Feedburner is hackable. I’ve sacrificed my personal blog for a hacking experiment, and the result: faking your subscriber count IS possible!

We found an easy way to hack Feedburner (Not the obvious hack that simply steals a chicklet from a popular site). Looking at the subscriber count at some sites, we’re not the first ones who found out, but we are the first ones to write it down. All it takes is an OPML file, a Netvibes Universe, and a good night’s sleep.

EDIT: While the hack still works, I am happy to tell you that Google and Netvibes are working on a solution to the problem. Steve Olechowski, co-founder of Feedburner, mailed me and said: “These things happen occasionally and are usually fixed in a couple of days”. He added that the Feedburner counts do not influence advertisement measurement. Franck Mahon from Netvibes said: “We are working on a fix to filter out in the reporting the duplicates while still allowing people to add several instances of the widget to their startpage.” When things get fixed, it would be interesting to see the differences on some sites.

How to manipulate your Feedburner subscribers in two minutes


[Video: “Feedburner hacked!” on Vimeo]

Moral of the story is: everybody can have a lot of Feedburner readers, which makes the service questionable as a measurement of performance. It’s up to Google/Feedburner to fix things up.

Once they do this, it will be very interesting to see which blogs suddenly lose a bunch of subscribers…
