The Directors Guild of Canada, an organization that represents the interests of screen-based industry workers, has been hacked. A hacker using the online moniker “legionnare” (ObeySec) has not only defaced the website, but also leaked its users’ credentials.
The information leaked by the cybercriminal has been removed from Pastebin and the defaced page has been restored. However, Cyber War News reports that the email addresses, usernames and passwords of over, 2,000 users have been compromised.
Unfortunately, the passwords are stored in clear text, which means that it’s easy for almost anyone to abuse the leaked credentials.
I’ve reached out to the Directors Guild of Canada to see if they can comment on the incident. Hopefully, they’ve notified impacted individuals of the breach, and advised them to change their passwords.
Update. The hacker, legionnare, has told me he’s actually a penetration tester. He wanted to test the security of the DGC website and found an SQL injection and a number of XSS vulnerabilities. He leveraged the security holes to leak the user details.
He claims to have informed the other members of Obey Security (there are around 9 members) of the vulnerabilities. The other team members defaced the website and allegedly even gained access to the organization’s PayPal and Facebook accounts.
Now, legionnare says he probably shouldn’t have given his team mates the information on the vulnerabilities. After this hack, he says he’s leaving the scene and “going ghost.” But before he does that, he wants to help the DGC fix the vulnerabilities on its website.
The organization’s representatives have confirmed for the Hollywood Reporter that their systems have been hacked. They’ve stated that they’re reviewing their security across all offices.