Reports indicate that political news outlet Infowars was the victim of a hacking incident. Account details belonging to the site's users were stolen and are now being offered for sale on the dark web.
The data being offered for sale seems to have been taken from one of the services that Infowars runs. The service, called Prison Planet TV, gives users additional access to various other content, and users need email addresses and usernames to access it. It also turns out that the passwords on the service were poorly hashed.
An administrator from Databases.Land, a breach notification site, confirmed the hack and shared close to 50,000 accounts with several reporters. One of the outlets that received the details, Motherboard, then went a step further by calling users who appeared in the data to confirm that the breached information was correct. Motherboard also went to the Prison Planet TV login page with 20 randomly selected email addresses and passwords, all of which opened the accounts. Both tests showed that the breached data was legitimate.
The open question, however, is whether the data is current. One source at Infowars claimed that the data was taken in 2012, but a report from Yahoo put the date at 2014. The data is believed to have been accessed through an SQL injection web attack. In this kind of attack, an attacker inserts malicious SQL into input that the application passes on to its database, and can then obtain information from that database.
To make matters worse for users, it seems that Infowars was using only MD5 hashing to protect the passwords. MD5 was created back in 1991 and has not been entirely upgraded, which means it has several vulnerabilities and weaknesses when used to protect passwords. It has sometimes been described as cryptographically broken. Motherboard even went as far as to recover some of the passwords using a simple online tool that it had obtained for free.
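The storage weakness described above, and the usual way to retire it, as an added example that is not code from Infowars or from the reports cited here. The record formats (`md5$...`, `scrypt$...`), the function names, the scrypt cost parameters and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune for your hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def legacy_md5(password: str) -> str:
    """Unsalted MD5: equal passwords always give equal digests, and it is fast."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()

def scrypt_record(password: str) -> str:
    """Per-user random salt plus a memory-hard KDF: 'scrypt$<salt>$<digest>'."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return f"scrypt${salt.hex()}${digest.hex()}"

def verify(password: str, record: str) -> bool:
    """Check a password against either record format with a constant-time compare."""
    scheme, _, rest = record.partition("$")
    if scheme == "md5":
        return hmac.compare_digest(legacy_md5(password), record)
    if scheme == "scrypt":
        salt_hex, _, digest_hex = rest.partition("$")
        got = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT)
        return hmac.compare_digest(got.hex(), digest_hex)
    return False  # unknown scheme: fail closed

def login(users: dict, name: str, password: str) -> bool:
    """Verify, then replace a legacy MD5 record with scrypt on success."""
    record = users.get(name)
    if record is None or not verify(password, record):
        return False
    if record.startswith("md5$"):
        users[name] = scrypt_record(password)  # the MD5 digest is discarded
    return True

if __name__ == "__main__":
    # Constructed sample accounts; both users picked the same password.
    users = {u: legacy_md5("constructed-Passw0rd") for u in ("alice", "bob")}
    print(users["alice"] == users["bob"])  # unsalted MD5 exposes password reuse
    print(login(users, "alice", "constructed-Passw0rd"))
    print(users["alice"].split("$")[0], users["bob"].split("$")[0])
```

Accounts that never log in again keep their MD5 record under this scheme, which is why a forced password reset is still needed to clear the remaining legacy hashes.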
Rather than apologizing for the problem it is facing, Infowars claims that media sources have done a bad thing by recycling an issue that happened a while back. The site noted in one of its blog posts that, after some investigation and research on the latest dump that was circulating, it had ascertained that the hack was from 2012. At the time, Infowars alerted its users about the hack, encouraged password resets, and took measures to harden and strengthen the security of the site to prevent any further attacks.
The blog post goes on to say that Infowars does not understand why news outlets still want to circulate a hack that happened four years ago. However, Infowars said that even though it had taken measures before, it was still going to reset passwords once again, as a security measure rather than as confirmation of a recent hack.