‘SitePoint’ Data Breach Ends up in a User Database Leak

  • ‘SitePoint’ has had a data breach that escalated to user data access, exfiltration, and leak.
  • The actors who got their hands on this data launched a crypto-themed phishing campaign.
  • The platform admitted the incident now and reset all user passwords while also upping the character number requirement.

Hackers have breached ‘SitePoint,’ the Australian web developer-focused book publishing, forum, job finding, and newsletter distribution platform. The website was launched over two decades ago, and today it enjoys a big and vibrant community of programmers and IT professionals in general.

Unfortunately for the platform and its members, hackers have managed to gain access to a third-party tool the admins used for GitHub account monitoring, stole API keys from there, and eventually accessed the codebase and system.

The actors then proceeded to steal user data from the backend and then started distributing fake cryptocurrency giveaway emails to the members, making SitePoint appear as the sender. Many of the recipients reported this to the platform, realizing that they were being phished, so a subsequent investigation confirmed the breach.

Now, SitePoint distributes real messages to its members, informing them that a third-party has accessed its infrastructure and that their accounts have been reset as a precautionary measure.

Source: Bleeping Computer

Users will have to use a new password that has a minimum length of 10 characters from now on. As for those already stolen, the platform says they were properly hashed, so it’s unlikely that the hackers will ever get to decrypt them. Still, though, to avoid any credential stuffing surprises elsewhere, you should perform resets to wherever you may be using the same password and email address.

SitePoint also offers a paid subscription that gives users access to hundreds of publications. However, as the platform clarified, they keep no financial information like credit card data on their systems, so that kind of details cannot have been leaked.

However, though, what has been leaked is a dataset that is being offered for free by the notorious data broker ShinyHunters, who defined 'Learnable.com' as the owner. Since that domain redirects to Sitepoint’s site, it is clear that the exfiltration that took place during the breach has already changed many hands in the underground.

The database consists of just over a million records and contains usernames, email addresses, bcrypted passwords, DoB, IP address, authentication tokens, user photo, and more.

Source: KELA

Using KELA’s cyber-intelligence tools, we have found that the first post of this dataset came out on January 26, 2021, so it’s been ten days already. So, it’s possible that SitePoint knew about this and chose not to disclose the incident but admitted it only when the phishing emails started to reach users. Obviously, that was the second stage of the development, with other actors using the data shared by ShinyHunters to launch phishing campaigns.

How to Watch Ben Roberts-Smith: Truth on Trial Online from Anywhere
Ben Roberts-Smith: Truth on Trial is an upcoming documentary that centers around the investigative findings by journalists Nick McKenzie and Chris Masters...
How to Watch Yes, Chef! Christmas Online from Anywhere
Yes, Chef! Christmas follows Alicia, a culinary school instructor with no goals or aspirations. When Alicia receives an invitation to compete in...
How to Watch European Rugby Champions Cup 2023 Online Free: Live Stream the Matches from Anywhere 
The tenth season of the European Rugby Champions Cup, aka Investec Champions Cup, is upon us. Rugby fans in the UK can...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari