wasc-whid@lists.webappsec.org

WASC Web Hacking Incidents Database


WHID 2011-62: Another Xbox Live director hacked!

WASC Web Hacking Incidents Database
Mon, Apr 25, 2011 1:13 PM

*Entry Title: *WHID 2011-62: Another Xbox Live director hacked!
*WHID ID: *2011-62
*Date Occurred: *April 6, 2011
*Attack Method: *Social Engineering
*Application Weakness: *Insufficient Process Validation
*Outcome: *Account Takeover
*Attacked Entity Field: *Entertainment
*Attacked Entity Geography: *
*Incident Description: *A hacker known as “Predator” has been able to phish
information from Xbox Live’s Director of Policy and Enforcement, Stephen
Toulouse (aka “Stepto”), gaining email and address information via his
personal website server and was then able to alter the Chief’s details
online.
*Mass Attack: *No
*Reference: *http://blog.gadgethelpline.com/xbox-live-director-hacked/
Attack Source Geography:

WASC Web Hacking Incidents Database
Tue, Apr 26, 2011 12:02 AM

Ryan,

http://www.networksolutions.com/, rather than Stepto, was social
engineered and subsequently his DNS records were modified by
"PredatorSik" and the password reset to Stepto's X-BOX LIVE Account.

BTW, his handle is "PredatorSik" not "Predator" i.e.
http://twitter.com/#!/PredatorSik

YouTube URLs (now removed)
http://www.youtube.com/v/ryfZv_qq7Uk
http://www.youtube.com/v/f_jDglN0wVs

Mirror of the YouTube Video
http://www.tarreo.com/noticias/12607/Roban-la-cuenta-del-jefe-de-Politicas-de-Xbox-LIVE/

  • scroll down towards the end of the post but before the comments.

On Mon, Apr 25, 2011 at 11:13 PM, WASC Web Hacking Incidents Database
<wasc-whid@lists.webappsec.org> wrote:

> Entry Title: WHID 2011-62: Another Xbox Live director hacked!
> WHID ID: 2011-62
> Date Occurred: April 6, 2011
> Attack Method: Social Engineering
> Application Weakness: Insufficient Process Validation
> Outcome: Account Takeover
> Attacked Entity Field: Entertainment
> Attacked Entity Geography:
> Incident Description: A hacker known as “Predator” has been able to phish
> information from Xbox Live’s Director of Policy and Enforcement, Stephen
> Toulouse (aka “Stepto”), gaining email and address information via his
> personal website server and was then able to alter the Chief’s details
> online.
> Mass Attack: No
> Reference: http://blog.gadgethelpline.com/xbox-live-director-hacked/
> Attack Source Geography:

--
Regards,
Christian Heinrich

http://cmlh.id.au/contact
