Space-Mail/OnSpace Tecnologia Ltd Servers Hacked, 56.4 GB of Data Stolen by TakeDownRoot

In a posting to their Minds account earlier this week, a hacker going by the name of “Take Down Root” announced a hack and data leak affecting OnSpace Tecnologia Ltd, a Brazil-based online marketing firm that helps businesses develop more successful email advertising campaigns, promotions and strategies. According to the hacker, approximately 56.4 gigabytes (GB) of data were stolen from a misconfigured server owned by Linode Cloud Hosting Service in Dallas, Texas.

In two leaks posted to the Pastebin web service, Take Down Root released the email addresses and PINs/account numbers of well over 350 Space-mail account owners, along with the locations of the unique IP addresses of more than 200 others.

Official Website: http://www.onspace.com.br/
Space-mail Login Portal: http://www.spacemail.com.br/spacemail/

Data Leak 1: https://pastebin.com/9Pry3QAY
Data Leak 2: https://pastebin.com/aCkH9ase

Screen shots from the hack: (two images, not reproduced here)

Another Day, Another WordPress Plugin Designed To Comply with EU Law Compromised

As reported by Catalin Cimpanu of ZDNet yesterday, November 9th 2018, earlier this month researchers discovered vulnerabilities in a new WordPress plugin used to help site owners comply with the GDPR laws passed by the European Union earlier this year. According to Cimpanu, the WP GDPR Compliance plugin produced by Van Ons was affected, potentially compromising the more than 100,000 WordPress site owners who had already installed it on their sites before November 2018.

“Hackers have exploited –and are currently continuing to exploit– a now-patched zero-day vulnerability in a popular WordPress (WP GDPR Compliance) plugin to install backdoors and take over sites,” Cimpanu explained, adding that “this backdoor script contains a file manager, terminal emulator, and a PHP eval() function runner,” allowing hackers to install further payloads at their discretion. “The second and supposedly more silent technique involves using the WP GDPR Compliance bug to add a new task to WP-Cron. The hackers’ cron job downloads and installs the 2MB Autocode plugin, which attackers later use to upload another backdoor script on the site.”

It is important to note that Van Ons pulled the plugin from WordPress earlier this week, before placing it back online on November 7th, after the zero-day vulnerability was patched. The plugin is safe to install today, but all of the sites that installed previous versions of the plugin before November 7th are still potentially compromised.
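As an added example that is not from ZDNet's report or this post, here is a defender-side scan for the backdoor traits Cimpanu describes (a PHP eval() runner fed attacker-supplied input) run over a constructed WordPress directory; the regex heuristics, the "no PHP under uploads" rule and the sample files are this example's own assumptions, not published indicators.

```python
import os
import re
import tempfile

# Heuristics for the backdoor traits the ZDNet report describes (a PHP eval() runner fed
# attacker-supplied input) plus one structural rule: PHP must never live under wp-content/uploads.
# The patterns are this example's assumptions, not an official indicator list.
SUSPICIOUS = [
    (re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate|str_rot13|\$_(?:POST|GET|REQUEST|COOKIE))", re.I),
     "eval() on decoded or request-supplied data"),
    (re.compile(r"\b(?:system|exec|shell_exec|passthru|popen)\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)", re.I),
     "shell command built directly from request input"),
]

def scan_wordpress(root):
    """Walk a WordPress install and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".php5")):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if rel.startswith("wp-content/uploads/"):
                findings.append((rel, "PHP file inside the uploads directory"))
            with open(path, encoding="utf-8", errors="ignore") as fh:
                src = fh.read()
            for pattern, reason in SUSPICIOUS:
                if pattern.search(src):
                    findings.append((rel, reason))
    return sorted(findings)

def build_sample_site():
    """Constructed fixture: one benign plugin file and one dropped 'eval runner' with a dummy blob."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    os.makedirs(os.path.join(root, "wp-content", "plugins", "example"))
    os.makedirs(os.path.join(root, "wp-content", "uploads", "2018", "11"))
    with open(os.path.join(root, "wp-content", "plugins", "example", "example.php"), "w") as fh:
        fh.write("<?php\nfunction example_init() { add_action('init', 'example_setup'); }\n")
    with open(os.path.join(root, "wp-content", "uploads", "2018", "11", "cache.php"), "w") as fh:
        fh.write("<?php eval(base64_decode('PLACEHOLDER_NOT_REAL_CODE'));\n")
    return root

if __name__ == "__main__":
    for rel, reason in scan_wordpress(build_sample_site()):
        print(f"{rel}: {reason}")
```

Point `scan_wordpress()` at a real document root to list every PHP file that trips a rule; review each hit by hand, since legitimate plugins can also call these functions.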

I don’t bring this story up to fill air time or to report what Catalin Cimpanu has already reported a second time, just using different words. I bring this up because last year I had my website compromised by a different WordPress plugin, also designed to help website owners comply with EU laws and regulations. More specifically, my website was compromised by the EU Cookie Consent widget placed on WordPress, mandated by EU law, which allowed third parties to run crypto-miners in the background of the web browsers of visitors to my website. I also wasn’t alone: this scam compromised over 200 websites before it was first reported – that researchers could even confirm. However, given that the EU Cookie Consent widget comes pre-installed on every premium WordPress theme/account, there is no telling how many sites were actually affected by the hack.

Granted, I am an American website owner and do not have to comply with EU laws if I don’t want to; what troubles me is the fact that these plugins or widgets are only being installed so site owners can comply with EU law. In other words, these people are only being hacked because they are trying to follow the law. I was only hacked because I wanted to appear more professional and willing to appeal to a global audience. To this day I do not have to collect cookies if I do not want to; I do it to comply with GDPR rules so they can’t decide to limit my site or audience. Quite frankly, it is irresponsible for the European Union to force website owners to install all of these measures without releasing software guaranteed to help keep people/site owners safe when doing so. GDPR rules and regulations were designed to keep people safe, not to make it easier to hack websites – something WordPress and the EU need to look at more carefully in the future.

Internet Router Security

This next bit is a little more “involved,” but it is pretty straightforward and something that almost no one seems to practice for some reason. You might be surprised to know that your internet router ships completely unsecured from the manufacturer, and the username and password needed to access the router’s settings are usually the same for every unit. For example, here is the username and password for nearly every Comcast-issued internet router; Comcast is one of the US’s largest internet service providers.

User Name: admin
Password: password

As you can imagine, this is not exactly rocket science for anyone to figure out or crack, so you are going to want to secure your own router by setting a password of your own for it. You can find your router’s IP address by opening cmd and typing “ipconfig /all”, then looking under “Default Gateway.” Next, open your web browser, type that IP address into the URL bar and press enter; you will be prompted to sign in on your router’s login page. If you do not already know this information beforehand, you can find your router’s default login credentials with a simple Google search or by calling your internet service provider.

Highlighting just how much of a priority router security should be for you, the fact that your router’s login is publicly listed on the internet and is the same for every customer should tell you all that you need to know. Moreover, despite what your ISP might ask of you, this is also why you should never use your personal router as a free public hotspot. For example, if you are using your router as a hotspot and have not changed your default login credentials first, then theoretically any person using that hotspot could access and corrupt your router using the same information I just provided above – it’s literally that easy. This includes gaining access to information like the IP addresses of any and all devices that have ever connected to the internet through that router.

With that out of the way, once you have logged in and are looking through your router’s settings, you can do things like set a new password for it, whitelist the specific devices allowed to connect, and strengthen the router’s firewall. Another advanced security tip is to stop your router from publicly broadcasting your network name. To do this, simply have a look under settings and disable the “SSID broadcast” feature.

To understand why this is important, have you ever clicked on your device’s Wi-Fi button to see all of the available networks in range around you, particularly in a large urban area? Unless you live way out in the country, I’m sure you are used to seeing all of your neighbors’ Wi-Fi connections in addition to your own. Disabling the SSID broadcast feature on your router will prevent your network from being picked up by everyone else in your neighborhood, keeping your connection hidden, secret and more secure. After all, if no one knows your network connection is out there, then no one is going to be looking to mess around with or exploit it.
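As an added example (not from the post), this Python script parses a constructed `ipconfig /all` output to pull out the router's IP address the way the steps above describe, and refuses a replacement login that is still a factory default; the defaults beyond the Comcast pair quoted above and the 12-character minimum are this example's assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (Windows); only the fields the post refers to are kept.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected

Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Intel(R) Wireless-AC 9560
   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
"""

# Factory logins to refuse when choosing a new one; the Comcast pair is the one quoted in the post,
# the rest are this example's assumed additions for common vendors.
FACTORY_LOGINS = {("admin", "password"), ("admin", "admin"), ("admin", ""), ("root", "root")}

def find_gateways(ipconfig_text):
    """Return {adapter_name: gateway_ip} for every adapter whose labelled Default Gateway line holds an address."""
    gateways, adapter = {}, None
    for line in ipconfig_text.splitlines():
        header = re.match(r"^\S.*adapter (.+):$", line)
        if header:
            adapter = header.group(1)
            continue
        gw = re.match(r"^\s+Default Gateway[ .]*: (\S+)", line)
        if gw and adapter:
            try:
                gateways[adapter] = str(ipaddress.ip_address(gw.group(1)))
            except ValueError:  # non-address entries (e.g. an empty field) are skipped
                pass
    return gateways

def new_login_is_acceptable(username, password, min_len=12):
    """Reject a factory-default pair or a short password (min_len is this example's threshold)."""
    return (username, password) not in FACTORY_LOGINS and len(password) >= min_len

if __name__ == "__main__":
    for adapter, gw in find_gateways(SAMPLE_IPCONFIG).items():
        # The gateway address is what you type into the browser to reach the router's login page.
        print(f"{adapter}: router login page at http://{gw}/")
```

On a real machine, pipe the output of `ipconfig /all` into `find_gateways()` instead of the constructed sample.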

Now that you know all of this information, you might also want to start warning all of your neighbors/friends now too 😉