Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

Hacker Steals User Data from Epic Games Forums

The usernames and email addresses of over 800,000 Epic Forums users were stolen by a hacker. According to Leakedsource.com, the attack happened on August 11. The hacker obtained the data by exploiting “a known SQL injection vulnerability found in an older vBulletin forum software, which allowed the hacker to get access to the full database” (ZDNet). In addition to the usernames and email addresses, the database contains scrambled passwords, IP addresses, birth dates, and activity such as posts, comments and private messages. Access tokens for Facebook were also breached. Epic Games has stated that the scrambled passwords will not be not easily crackable.

An Epic Games Spokesperson says that passwords do not need to be changed for the Unreal Engine and Unreal Tournament forum but a “compromise of our legacy forums covering Infinity Blade, UDK, previous Unreal Tournament games, and archived Gears of War forums revealed email addresses, salted hashed passwords and other data entered into the forums. If you have been active on these forums since July 2015, we recommend you change your password on any site where you use the same password.”

Epic’s Forums were also hacked last year.

The post Hacker Steals User Data from Epic Games Forums appeared first on Social Hax.

Did Another Hacker Steal NSA Exploits from the Shadow Brokers?

A Twitter user who goes by @1×0123 claims to have stolen the data that The Shadow Brokers hacked from the NSA.

nsa hacker

Gizmodo reached out to the hacker and were unable to verify their claims. However, back in April, NSA whistleblower Edward Snowden, gave them praise for reporting a vulnerability which may lend some credibility.

Thanks to @1×0123 for reporting a piwik vulnerability to @FreedomofPress! Great work. Got a bug report? Please contact @ageis with details.

— Edward Snowden (@Snowden) April 10, 2016

The hacker says they just need “some money to pay bills and stuff” and offered to share 50% of it with Gizmodo if they wanted to make an offer.

The post Did Another Hacker Steal NSA Exploits from the Shadow Brokers? appeared first on Social Hax.

Filed Under: NSA

Facial Recognition gets “Hacked” Thanks to Facebook

Facial recognition technology is utilized in many different systems. Biometric software is used in facial recognition tools for security purposes and other applications such as social media marketing. Algorithms use a statistical approach to identify facial features – and facial recognition is increasingly used as a crime-fighting tool. In the future it could be used to monitor employee attendance at work, to enhance security measures at ATMs and to prevent voter fraud. Many privacy advocates see a problem with this technology because it could quickly turn us into a surveillance society.

University of North Carolina researchers have discovered a way to get around facial recognition security. By using a virtual reality (VR) system to develop 3D models of the face, they were able to trick the biometric security measures. They did this with just a handful of photos found on Facebook and were able to fool the systems more than half the time (Newsweek).

Clearly this is a huge security flaw in the technology which means other types of “verifiable data” would need to be used for authentication in order for facial recognition to be a feasible option. One technique that could be used is the detection of infrared radiation which would be given off by a real face, not a 3D model (Techworm).

For more information on how facial recognition technologies work, check out this video from Brit Lab:

The post Facial Recognition gets “Hacked” Thanks to Facebook appeared first on Social Hax.