GhostShell Hackers are Back with 38 Million Leaked Login Credentials!

Do you remember the GhostShell hackers? Let me remind you. It is a hacker group that is back in the news after four years. In 2012, the group hacked a number of websites, all of them the property of law enforcement agencies, financial organizations, political parties and government agencies. That was the last time they were in the news. Now GhostShell is back with a big data breach, which it announced on its Twitter account. The GhostShell hackers have access to more than 38 million accounts. According to security researchers, 38 million is not an accurate figure; the actual number of hacked accounts is much higher.

What have they stolen?

The stolen data includes passwords, users' email addresses, Skype names, dates of birth, personal contact numbers, Social Security numbers (SSNs) and some other personal identification data. According to security researchers, some of the hacked passwords were hashed, some were in plain text and some were in “hashed+salted” form.

Why did the GhostShell hackers do this?

Pierluigi Paganini (Chief Information Security Officer at Bit4Id) wrote in a blog post, “When I contacted the hackers of GhostShell, they asked that security researchers do work on the popular JavaScript-based technologies collection, the MEAN (MongoDB, Express.js, AngularJS, Node.js) stack. This is a very popular stack and that’s why it has a number of security issues. Before the MEAN stack, everyone was using the LAMP stack. The LAMP stack was insecure, but the MEAN stack also has a number of vulnerabilities.”

In their posts, GhostShell said that they want to make server admins aware that the authentication processes they use are very weak. GhostShell also posted on Pastebin. They wrote that the authentication process used by MEAN is very weak. A number of services use only single-factor authentication. It is very easy for hackers to bypass this authentication process. When GhostShell scanned the whole network, they found a number of open ports.

List of Open Ports They Found

22, 53, 80, 81, 110, 137, 143, 443, 465, 993, 995, 3000, 8080, 27017, 3306, 6379, 8888, 28017, 64738, 25565

Hackers can easily get into databases that use weak and poor network security techniques, and GhostShell demonstrated this by example. Proper changes to and maintenance of databases are a must. It is the responsibility of server admins and security experts to manage the old data techniques and apply new security techniques at the proper time.
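For server admins who want to check their own hosts against the port list above, here is an added example (not from the original article or from GhostShell) that flags data-store ports listening on anything other than loopback. It assumes output from `ss -H -tln` on the host being audited; the sample lines are constructed, and the service names are the well-known defaults for those ports rather than something the article states.

```python
import ipaddress

# Ports from the list above that are well-known data-store defaults
# (service names are standard assignments, not stated in the article).
DATA_STORE_PORTS = {27017: "MongoDB", 28017: "MongoDB HTTP status (legacy)",
                    3306: "MySQL", 6379: "Redis"}

# Constructed sample of `ss -H -tln` output (no header row); not real host data.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:27017 0.0.0.0:*
LISTEN 0 151 [::]:3306 [::]:*
LISTEN 0 128 [::1]:28017 [::]:*
LISTEN 0 511 *:3000 *:*
"""

def split_local(field):
    """Split the 'Local Address:Port' column into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return addr, int(port)

def is_loopback(addr):
    """True only when the socket is bound to a loopback address."""
    if addr == "*":  # wildcard bind: reachable on every interface
        return False
    return ipaddress.ip_address(addr).is_loopback

def exposed_data_stores(ss_output):
    """Return sorted (port, service, bind_address) for non-loopback data stores."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        if port in DATA_STORE_PORTS and not is_loopback(addr):
            findings.append((port, DATA_STORE_PORTS[port], addr))
    return sorted(findings)

if __name__ == "__main__":
    for port, service, addr in exposed_data_stores(SAMPLE_SS):
        print(f"{service} on port {port} listens on {addr}: restrict the bind "
              "address, firewall the port and require authentication")
```

A listener that the script does not flag can still lack authentication; the bind-address check only covers network exposure.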

Source: securityaffairs.co