Cyber Incident Victim: AMZ Review Trader
Date:
Oct 2015
Location:
United States of America
Summary
An anonymous hacker hacks amzreviewtrader.com and dumps nearly 2500 usernames and clear text passwords.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 25, 2015, a significant cyber incident was reported involving the website https://www.amzreviewtrader.com. The attackers utilized the technique of exfiltration from the application server to compromise the site's security. The incident was reported through an online article available at https://web.archive.org/web/20160601034527/http://siph0n.net/exploits.php?id=4125.
During the breach, the attackers injected malicious code via the URL https://www.amzreviewtrader.com/product-page.php?id=[t]%27, exploiting a vulnerability in the website's product page. As a result, sensitive information, including email addresses and corresponding passwords, was exposed. The leaked data included a list of compromised email accounts and their associated passwords. A subset of the leaked data is as follows:
\[Email Addresses:Passwords\]
1. [email protected]:67777
2. [email protected]:51983
3. [email protected]:freedom89
4. [email protected]:isabella
...
(Additional compromised email addresses and passwords were listed in the leaked data.)
The attackers successfully exfiltrated a significant amount of sensitive information, posing a severe threat to the affected users. The incident highlighted the vulnerabilities present in the website's security infrastructure, leading to unauthorized access and data exposure. The leaked data was subsequently made publicly accessible, emphasizing the need for improved security measures to prevent similar incidents in the future.