According to data breach monitoring service ‘Under the Breach’, hackers shared SQL databases from unsecured AWS (Amazon Web Services) buckets and one archive belongs to the BGR site in India.
The data leak was first reported by experts from the security firm Under the Breach. The full SQL backup contains emails, hashed passwords and other information, reports BleepingComputer.com.
“Actor dumps the MySQL database of http://bgr.in (@BGRIndia) a huge Indian tech news site! 2,000,000 monthly visitors, @BGR 11,650,000 monthly visitors! Hacked due to exposed s3 AWS bucket. Usernames, emails, passwords and more. Full SQL backup,” tweeted Under the Breach.
In a statement posted on its website, BGR on Friday said an internal review has found that the exposed email ids and passwords belong to ex-employees of BGR India.
“All these email ids are now defunct and no longer in use. We, at BGR India, give safety and data privacy of utmost importance. At no point need any of our users to be worried about their personal data being misused,” said the company.
A “full SQL dump” refers to all the posts on the site along with access credentials for authors and administrators.
The experts from Under the Breach said that credentials were stored in hashed form, converted with a function in WordPress.
“In most cases, hackers pay to have the hashes cracked. On some specialised sites, this service is advertised at a reasonable price.”
According to the hackers, the overall dump contains at least 36,000 emails and logins for other affected websites like tradinggame.au.com and S3 Production.
Experts from Under the Breach found 16 SQL dumps contained in a seven ZIP archive, said the report.
Launched in October 2006 in the US, Boy Genius Report is a popular destination for breaking consumer electronics news as well as exclusive early looks at unannounced products.
It started off as a column written by Internet personality Jonathan Geller, who later converted it into a website.