The work of a well-intentioned hacker who couldn't wait to be given credit
GameReplays.org, the popular gaming website, has been breached by a Spanish-speaking, Anonymous affiliated hacker that goes by the name of _ecECus_. As a result of the hack, a number of 10,000 emails belonging to the site’s members have been made public.However, the story is a bit more complicated, as Jon LeMaitre, co-owner and general manager of GameReplays, explains.
On May 27, the hacker sent an email to GameReplays informing them of a vulnerability that exposed the website’s database. At the time, _ecECus_ highlighted the fact that his intentions were not evil. He claimed that he only wanted to help the site’s owners protect the users, asking to be credited for his findings in return.
The problem occurred one day later when the hacker published the details of 5,000 accounts, comprising usernames and encrypted passwords. Also, on the 29th, he made available another 5,000 record sets.
“Given that he sent the email in Spanish, and I was out celebrating Memorial Day weekend, I had no chance to address his email and thank him for alerting us to the issue,” LeMaitre wrote.
“Because I was not able to respond to an email (written in a language I don't know), within 24 hours, he decided to go ahead and give himself credit for the hack,” he added.
The incident has forced GameReplay to stop working on the development of a new framework and the features they are planning on introducing.
“Ironically, GameReplays fully appreciates the efforts of Anonymous in their role of helping to keep governments and corporations honest,” the general manager explained.
“Anonymous has been helping to expose the corrupt links between corporate lobbying and various governments which threaten the very nature of the web. Sadly, there are people like _ecECus_ who give Anonymous and other hackers a bad reputation, since his goal isn't to help, but rather, to be immature and stroke his own ego.”
LeMaitre advises security researchers who want to help them in securing the site to use the Contact form to send the details, but, due to the limited resources, they may not be able to reply immediately, so no one should think that they’re being ignored.