Hackers Claim Wall Street Resume Leak
Team GhostShell members said they've leaked usernames, passwords, and resumes from jobs board ITWallStreet.com.
July 19, 2012
Many Wall Street workers and would-be employees got an unwelcome surprise Wednesday after a hacking group known as Team GhostShell leaked what it said were 50,000 user accounts for an online jobs board that focuses on Wall Street. The site, ITWallStreet.com, allows users to upload their resumes for searching by recruiters.
"IT Wall Street owned. Around 50.000 accounts compromised. The list contains both current, past, and rejected IT personal from Wall Street. The information is as detailed as ever with many other surprises in it. Please, enjoy," read a post to privatepaste.com signed by "Masakaki," who said he's "part of the Far-Eastern Financial District of #TeamGhostShell." The exploit was also announced by Team GhostShell on Twitter.
Reached by phone, a representative for Andiamo Partners, which runs the ITWallStreet.com website, said there was no one available to discuss the alleged leak, or whether it's investigating, and terminated the call. An email sent to an address listed on the company's website as a sales contact also bounced.
The post from Masakaki contained links to 12 posts made to both PasteSite.com and privatepaste.com. (A notice on the latter website, however, warns that "Due to continous [sic] abuse, privatepaste.com will be shutting down August 1st, 2012.") All 12 posts appear to have been deleted from both sites by site administrators.
But, according to news reports, the released data did appear to contain user credentials, including hashed passwords--some of which had been decoded into plaintext--for ITWallStreet.com users, as well as salary expectations, which ranged from $40,000 to $400,000. Other published information appeared to include emails between account managers and headhunters discussing clients' suitability for various roles. A published client list, meanwhile, included numerous Wall Street firms, such as Dow Jones, Morgan Stanley, and Wachovia Bank.
Despite the claim of having leaked about 50,000 user accounts, Masakaki noted that he'd held back 3,000 resumes from the data leak, "to trade them on the black market."
Why target Wall Street? In the post, Masakaki announced his support for the Occupy Wall Street movement, and appeared to promise further such disclosures. "GhostShell has been leaking left and right all kinds of targets, well we're here to bring some sort of order to it, which is why this district will function solely to provide leaks from an economical point of view, institutional and educational, but primary, it will focus on the financial aspect of things," according to his post. "With that being said, what better target to pick as a first release, than the place that puts all markets to shame in the world. Wall Street."
Previous Team GhostShell leaks have largely focused on Chinese websites as part of its "ProjectDragonFly," which the group describes as a "protest for freedom of speech in China." For example, Team GhostShell leader "deadmellox" claimed to have hacked 38 sites and released details on 200,000 accounts--including usernames and passwords--associated with numerous companies, including China Rencai, Mello Biotech, Yabao Hi-Tech Enterprises, as well as the Chinese branch of Fitch Ratings. Deadmellox also claimed to have exploited cross-site scripting vulnerabilities on numerous websites, including AOL, CNN, Puma, and Peugeot.