Cyber Incident Victim: Big Blue Interactive
Date: Jan 2015
Location: United States of America
Summary
The hacking group Zyklon, linked to WonkaSec, breached multiple entities, including Big Blue Interactive's forum, though the extent of data exposure from this victim remains unclear following the removal of the related Pastebin entries. Other compromised sites experienced unauthorized access and leaks of user information such as names, email addresses, and plaintext passwords, with some databases partially published online. The incidents collectively highlighted security vulnerabilities leading to potential misuse of personal credentials across affected platforms.
Description
In January 2015, the hacking group Zyklon, operating under the alias WonkaSec, publicly claimed responsibility for breaching Big Blue Interactive's forum alongside multiple other websites. The group announced this intrusion through a Pastebin post dated around January 15, which included a screenshot of the forum's incident notification message. While Zyklon’s Pastebin entry detailing the Big Blue Interactive compromise was later removed, its initial existence confirmed unauthorized access to the platform. The attackers did not disclose the full scope of extracted data, leaving uncertainty regarding the number of affected user accounts or specific data types exposed. This incident occurred concurrently with Zyklon’s confirmed breaches of Macalester.edu’s Soviet history subdomain, aquamarineboat.com, and pumpsforless.com, where the group leaked thousands of user records containing plaintext passwords, email addresses, and personal identifiers. Big Blue Interactive’s forum administrators acknowledged the breach through an on-site message displayed to users, though the article does not specify the exact timing or content of this notification beyond its inclusion in Zyklon’s screenshot. No verifiable evidence confirmed whether Zyklon published or monetized Big Blue Interactive user data elsewhere following the Pastebin removal.

The confirmed impacts of Zyklon’s broader campaign included credential exposure, operational disruption, and reputational damage to targeted organizations. While Big Blue Interactive’s specific consequences remain partially unclear due to the absence of leaked samples, parallel breaches by the same threat actor demonstrated systematic extraction of plaintext passwords and personally identifiable information (PII). For example, the Macalester.edu breach exposed 3,634 user records publicly via Pastebin, while aquamarineboat.com suffered the leakage of 2,060 customer records containing postal addresses and credentials. These incidents underscored risks of password reuse, as Zyklon explicitly advised attackers to exploit credentials across other platforms. Big Blue Interactive’s administrators took initial containment steps by publicly acknowledging the breach, though the article does not detail further remediation efforts such as forced password resets, system audits, or user notifications. The Soviet history subdomain at Macalester.edu remained offline indefinitely for security rebuilding, illustrating prolonged service disruption. Zyklon’s pattern of targeting diverse entities—academic resources, commercial retailers, and discussion forums—highlighted indiscriminate tactics against weakly secured web platforms storing unprotected credentials.
