

The hacked web site, as it appeared to The H's associates at Heise security

Unknown attackers have breached the web site of the popular open source text editor Notepad++ and tried to trick visitors to the site into handing over the credentials to their Facebook accounts. It is currently believed that the software downloads were not affected. The rest of the web site now appears to have been fixed.

When accessed at the end of last week, the web site of the project was showing defacements by the attackers and also popped up a second window asking for a Facebook login. It appears that the hackers were using the official Facebook API in an attempt to gain access to account credentials from visitors to the site.

Users who actually entered their Facebook credentials could potentially have provided the attackers with persistent access to all functions on their account, such as personal information and the ability to post status messages. Affected users would have to visit their Facebook account settings to revoke these permissions; simply changing the account password is not sufficient. The site MyPermissions.org provides direct links to all relevant permission pages for services such as Facebook.

See also:

Notepad++ 6 adds regular expressions and a file map, a report from The H.



(fab)