Sixty thousand accounts compromised

Feb 9, 2010 14:15 GMT

A Lebanese hacker claims to have hacked Orange's regional website in Cote d'Ivoire (Ivory Coast) through SQL injection. The attack allegedly gave him access to the website's administration interface and information on almost 60,000 customers.

Orange is the fifth largest telecom provider in the world with a presence in 166 countries and territories and an estimated 189 million subscribers. According to information on its website, Orange Cote d'Ivoire was the group's first subsidiary on the African continent and has over 4 million customers.

In an e-mail to Softpedia, a self-confessed grey hat hacker going by the name of Idahc took credit for compromising the orange.ci domain. The attached screenshots and a video demonstration clearly show the hacker navigating through the website's administration interface at will.

The site seems to have been compromised around January 25, when Idahc used the administrative credentials to add a news story entitled "Hacked by Idahc" on the website. The entry is still online at the time of publishing, suggesting that the webmasters might not be aware of the security breach.

However, it appears that Idahc is not the only hacker to have targeted the orange.ci domain recently. According to a post on Web defacement archive Zone-H.org, someone else hacked the server and uploaded a rogue HTML file back in December. Similar to Idahc's news story, that file is still online and reads "3viLboy was here."

The footer of the compromised website reveals that it was created by a company called Initiactives Multimedia, based in Abidjan, the country's largest city. Another organization whose site was designed by Initiactives Multimedia is Banque Atlantique, an Ivorian bank with offices in Benin, Burkina Faso, Cote d’Ivoire, Mali, Niger, Senegal, Togo, Cameroon and France. We certainly hope that its website is not as buggy.
