Jaago Re and Pizza Hut Hacked by A group of ethical hackers

How many times have you registered on a website and, to keep things simple, entered the same password you use for your email ID? Here’s a warning, every time you do that, you become vulnerable to hackers who, by breaking into the security systems of websites, have access to all your personal emails and sensitive information such as photos, account numbers, bank passwords etc.
   A two-year-old registered group of ethical hackers, who run a nonprofit organisation called Information Security Awareness Community Movement (ISACM) have discovered that some of the most frequented websites in the country — Jaago Re, IIT Bombay, Pizza Hut and Mumbai University — have very poor security systems. Last week, they managed to procure email IDs and passwords of eight lakh users from two sites alone.

JAAGO RE WAS HACKED INTO EARLIERIn the case of jaagore.com, which conducted an intensive campaign before the Lok Sabha polls, ISCAM officials said they were able to get email IDs and passwords of 6.4 lakh registered users, including some prominent people in the country. P G Krishnamurthy, ISACM’s principal consultant, said that on this site, sensitive information such as people’s electoral numbers etc is also accessible to anyone who wants to misuse it.
   Krishnamurthy explained that the first time they found vulnerabilities in jaagore.com earlier this year, they were immediately able to see the chinks in the armour. Once the group alerted the site owners, passwords were encrypted but the overall security was still low.
   Once again on September 2, they
compromised the site and were able to access mail IDs and passwords with only a little more effort than earlier. “We have once again notified the owners that they need to upgrade the security,” said Krishnamurthy.

WHAT THE HACKERS FOUNDWith Pizza Hut, the hackers were able to access data of 1.7 lakh registered users. They claim that it is possible to take complete control of the site. With IIT Bombay and Mumbai University, the story is not very different.
   “In the case of Mumbai University, we could simply tinker with the information. Even the results section was open to us. As for IIT Bombay, we had complete control of the website,” said Krishnamurthy.

LETTING THE OWNERS KNOWKrishnamurthy said, “As ethical hackers, our objective is not to misuse any information but merely test the security of the sites. Once we find a vulnerable website, we let the owners and concerned cyber cell authorities know that security can easily be breached.” The group even volunteers to help the owners fix the problems free of cost.
   “Our goal is to warn Indian site owners that it is about time they take security seriously,” he added. ISACM has written to the owners of the four sites warning them of the security problems. “We haven’t heard from any one yet. However, we are sure the owners will act on our information,”he said.

WHAT SITE OWNERS SAIDTata Tea, owners of jaagore.com, accepted that their site had been vulnerable earlier. “The current security levels of jaagore.com are on par with international standards for a website of its nature. The company is confident that the current security levels of jaagore.com will not allow any form of unauthorised access and is sufficient to safeguard the interests of the website and also the privacy of all its registered users,”
   stated an emailed statement issued by Tata Tea.

IIT BOMBAYInitially, Professor Abhay Karandikar, head of computer centre at IIT Bombay, denied that the site had been hacked. “My proxy logs do not see any breach at all. I keep receiving fake threats and send them to the cyber crime cell for action,” he said. However, he later added that he would get in touch with ISACM to ascertain whether they had managed to breach the site and how they had done it.

PIZZA HUTPizza Hut officials too denied that their site had been compromised. “Pizza Hut deploys the highest standards of IT security across its systems, especially where customer data is concerned. This matter has been recently brought to our notice and we have found no signs of any breach. However, as a responsible company we are checking our security systems again and will take appropriate action if warranted,” said a spokesperson of Pizza Hut.

MUMBAI UNIVERSITYMumbai University too stated that it would take all the necessary steps to secure the site. “Thanks a lot for cautioning us. The university will take immediate steps to avoid any further damage,” said K Venkatramani, registrar of Mumbai University.

WARNINGSeventy per cent of Internet users use passwords of their email IDs while registering on various websites. By getting into one email inbox, hackers can gain access to the entire virtual life of an individual and other IDs as well

 

 

 

 

TATA TEA

 

 

 

 

 

 

Source: Pune Mirror