Yesterday i did an article on a leak of data and a defacement on UK Council for Graduate Education (UKCGE) which was carried out by a hacker using the handle smitt3nz It now Appears that after about 3 days since the original data leak and defacement the hacker has returned to re-deface the site with a new message which has a snippet from a message from JANET about deleting all user credentials in their CRM as well as urging all the UKCGE staff to make sure they did not reuse the same password on other systems. The hacker has also offered to send them the patch if they ever get unbanned on twitter (@smitt3nz) and they have also stated that it might be possible for some one to change the hard coded payment addresses (paypal) to another in the source code but no financial or credit details was accessed in the breach. Message:
LUL.. #2 In response, following recommendations from JANET all existing account details have been successfully deleted in our CRM systems. We urge all existing account holders to ensure that the existing combinations of username and password used through the UKCGE website are not employed through any other websites. ... Okay so they told you to do that.. but you haven't issued a patch for the vuln in your site..? DM me on twitt3r if that sh1t ever gets unbanned and i'll hit you up with a patch It is important to point out that all financial transactions made through the website are processed via PAYPAL. Therefore no credit card (or similar) details have been comprimised. Whilst this is true, what good is it if someone modifies the payment address in da s0urce? gr33tz; smitt3nz , EyeSee , lollipop
At time of publishing the site was still defaced, thanks to @phr34ks for pointing this re-deface out.