A hacker collective known as “Hack the Planet” claims to have breached servers owned by image hosting website ImageShack and one belonging to security solutions provider Symantec. As a result of the breach, an impressive quantity of data has been published online.
In a statement they have published next to the data dump, the attackers highlight the fact that ImageShack improved its security systems after being hacked back in 2009. They claim that although there are some security mechanisms set in place, they’ve found numerous flaws.
“That being said, ImageShack has been completely owned, from the ground up. We have had root and physical control of every server and router they own. For years,” the hackers wrote.
The ImageShack section of the data leak doesn’t seem to contain any user information. Instead, it comprises file names, source code, and server information.
On the other hand, from the server that appears to be owned by Symantec, the hackers leaked not only database structures, but also hundreds of user records made of names, usernames, password hashes, email addresses, phone numbers and other details.
The file they have published online also contains information allegedly stolen from the Cryto Coding Collective website (cryto.net) and the personal details of other hackers.
In addition, the Pastebin paste includes what appears to be the details of a zero-day vulnerability that plagues a hosting platform.
The hackers have stated that they’re not affiliated with Anonymous in any way.
We’ve reached out to both ImageShack and Symantec hoping they can offer more details regarding the breach. The article will be updated once they respond to our inquiries.
A thread we found on Hacker News suggests that the ImageShack leak might be legitimate, but let’s see what the site’s representatives have to say about it.
Update. Symantec representatives have responded to our inquiry.
“Symantec is aware of the claims being made online. We take each and every claim very seriously and have a process in place for investigating each incident,” a Symantec spokesperson said.
“Our first priority is to make sure that any customer information remains protected. We are investigating these claims and have no further information to provide at this time.”