Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

ACM.ORG website has serious data leak again
From: the hacker <info () the-hacker info>
Date: Fri, 19 Feb 2010 18:28:38 +0100

a serious data leak has been found on acm.org - full member information 
including postal address and mail address can be extracted from the website.

In addition to that the data can also be modified

acm.org CEO John White has been informed more than 24 hours ago via 
email about this problem, but there was no reaction at all from acm.org 
(the reception of the email was confirmed by the hacker calling mr white 
and asking if he got the mail...he said it was forwarded to IS 
director...), they did not even ask where/what exactly the problem is.

The hacker has extracted several thousend datasets from the website as a 
proof of concept.

so if you are a ACM member your data might be available to everyone - 
let mr white know what you think of this: white () acm org

follow the development on www.the-hacker-news.com or 
www.twitter.com/_the_hacker_

screenshots & details will follow once acm has closed the hole (if they 
ever will...)

TH

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • ACM.ORG website has serious data leak again the hacker (Feb 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]