The last few days have witnessed a flurry of activity and data leaks from several hacker groups.
Anonymous has leaked VMware’s ESX Server kernel source code online, and the veracity of the claim has been confirmed on the company’s Security and Compliance blog.
“Today, Nov. 4, 2012, our security team became aware of the public posting of VMware ESX source code dating back to 2004. This source code is related to the source code posted publicly on April 23, 2012,” they wrote. “It is possible that more related files will be posted in the future. We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate.”
Then, to celebrate the 5th of November (Guy Fawkes Day), the collective purportedly released classified and confidential documents stolen from the Organization for Security and Cooperation in Europe (OSCE), in order to bring attention to the attempted election manipulation in the Ukraine.
They also allegedly hacked PayPal, and leaked around 28,000 PayPal accounts. The leak supposedly contained entries from a customer database, complete with coded passwords and telephone numbers.
The links to the leak have been removed in record time, and PayPal has issued a statement saying that they are investigating the claim, but that they are yet to find evidence of a breach.
In the meantime, hacker collective Hack The Planet has allegedly targeted Symantec and image hosting website ImageShack, and breached their servers. According to their claims, they managed to do so by exploiting a zero-day vulnerability.
The leaks from those two breaches include Symantec’s file names, source code, and server information, and ImageShack’s database structures and user information (including usernames and password hashes).
Finally, a number of high and low profile sites have also been hacked and defaced: NBC, Saturday Night Live, a Lady Gaga fan site (all purportedly by a hacker that goes by the handle of Pyknic), the Ghana Consulate, Arcelor Mittal, and others.
The 5th of November isn’t over yet, so we can expect more defacements and leaks. The latest one by AntiSec consists of U.S. law officers credit card information, data stolen from Stratfor, News Corp., and others.