Windows Secrets is known by many for its newsletter that gets sound out regularly to free and paid subscribers of the site. At its core, it is a news site that is publishing its stories on its website and the newsletter, with some articles released exclusively to paid subscribers of the service. Articles are written by professionals and experts making this one of the few newsletters around the web that is worth subscribing to.
It recently became known that the Windows Secrets Newsletter website got hacked. The attacker managed to brute force an administrator account to gain access to the site. Using the account, the hacker planted malicious code on the site to get access to the site’s database and information. When subscribers and editors started to receive spam that appeared to come from Windows Secrets, site administrators began an investigation to find out what was going on.
They discovered the hacked administrator account and malicious code on the website, and removed all traces of the code and attack from the site. A full audit of the website, servers and sites on the same network is still undergoing.
Windows Secret users need to know what has been compromised. According to site operators, the following information could have been exposed:
subscriber name, e-mail address, reader number, ZIP code (if applicable), geographic region, and hashed password — all the entries on your profile page.
It seems fairly certain that email addresses have been exposed, considering that users have received spam in the last days. Payment information are not kept on site, and credit card processing is handled by a third party service exclusively. There is no indication at the time of writing that financial information were compromised in the attack.
It is recommended to change the account password at the earliest convenience on this page to protect the account from third party access. Subscribers who have used the same password on other sites should change it on those sites as well as it is likely that the attacker will try to use the email and password combination to log in on popular sites such as Facebook, Twitter or Google (provided that the brute-forcing of hashed passwords is successful of course). (thanks Ilev)
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below.Zappos Hacked, Security Email Asks Users To Change Passwords
LinkedIn Hacked, Are You Affected?
How Web Accounts Get Hacked
Steam Forum Hacked, Time To Panic?
How Much Is A Hacked PayPal Account Worth?
About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.Author: Martin Brinkmann, Thursday September 20, 2012 -
Tags:Hacking, newsletter
Categories: SecurityYou are here: Home » Security » Windows Secrets Newsletter website hacked