Was the hack fabricated or is this simply an example of a poor PR strategy?

Mar 29, 2012 08:34 GMT  ·  By

Many users are aware that LulzSec Reborn, the hacker collective that decided to pick up where the old LulzSec crew left off, claim to have breached MilitarySingles.com, leaking more than 170,000 record sets.

If at first the site’s representatives said they were investigating the incident, now they came forward to deny that the breach ever took place.

DataBreaches obtained a second statement from ESingles, the company that manages MilitarySingles.com.

“After a thorough investigation by our company programmers, it is our conclusion that our database was not hacked and that the claims of the Lulzsec group are completely false,” the organization’s representative said.

They reveal that the number of records stored in their database doesn’t even closely match the large number of records published online by the hackers, highlighting the fact that all the passwords they store are encrypted.

Furthermore, they say that the site was down on March 25 for a scheduled maintenance and not because of a data breach.

They also have an answer for the alleged defacement. According to the admin of MilitarySingles, the site was not defaced, instead an image was simply uploaded to their image repository.

“We have taken measure to confirm our website and it’s database is secure and safe for our members, and will continue to do so. We are unable to confirm that the so-called checklist of email addresses have actually come from our user database,” they explained.

However, as the admin of DataBreaches points out, most of the usernames from the data dump match the ones of the users featured in the “Online Members” preview section.

Also, the fact that passwords are encrypted doesn’t mean much if the encryption algorithm that’s utilized is MD5, especially if no salt is used.

Our separate investigations also lead us to believe that at least part of the data leak is legitimate. Nevertheless, MilitarySingles representatives were asked to provide further proof to back up their statement.

So, did LulzSec Reborn fabricate the hack, or is this simply an instance of a poor PR strategy? Hopefully we’ll find out soon. In the meantime, you can check out the interview we've had with members of LulzSec Reborn.

Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile.