ASUS eStore Hacked, Administrator Credentials Leaked (Updated)

NullCrew has published around 23 usernames and associated passwords

By on July 16th, 2012 06:55 GMT

NullCrew, the hacker collective that has taken credit for breaching PBS and the World Health Organization, returns with another major data breach. They claim to have gained access to the databases of Asus’ eStore (us.estore.asus.com).

A number of 23 administrator usernames and hashed passwords have been published on Pastebin, the hackers urging everyone to try them out.

“Greetings everyone. Today we decided to leak some very interesting information. Information from the Web-Admin from good old ASUS,” one of the hackers wrote.

“These accounts are from the ASUS eStore, and I've tried, and you can login to them. I also found it a challenge because I saw the GoDaddy ‘Security’ icon. That said they were verified for proper security. Couldn't stop after I saw that ;). Enjoy.”

Since many of the hashes are fairly easy to decrypt and since the chances for misuse are high, we will not be providing a link to the data leak.

On the other hand, we have reached out to Asus and asked them for additional details regarding the incident.

This is not the first major hardware manufacturer to become a target of hackers in the past few days. Last week we’ve learned that NVIDIA was forced to shut down its forums because of a breach that may have affected as many as 400,000 users.

While NVIDIA admitted that operations on its forums were suspended because of “suspicious activities,” they didn’t say anything about other systems being impacted. However, the hacker collective that took credit for the attack – The Apollo Project – claims that the company’s online shop was also compromised.

“Oh, and nVidia forgot to tell you that shop.nvidia.com has also been compromised. nVidia minimizing the affect that the hack will have on its stock price? SHORT SELL, SHORT SELL,” they said.

Update. ASUS eStore representatives have responded to out inquiry, but they haven't provided any details regarding the hack. 

At this moment I am unable to deny nor confirm that our website has been hacked,” a company spokesperson said. 

Comments