
Pornhub: nobody hacked us, it's a hoax

It seems the hacker Revolver was just joking



Less than 20 hours after announcing the hack of Pornhub, the hacker Revolver reported that buyers had been found for the exploit giving full access to all the resources of the company's server. As a reminder, the 19-year-old attacker asked $1,000 for his exploit. As proof of the hack, he published two screenshots.
He also claimed total control over the server and declined to take part in Pornhub's program that pays for found vulnerabilities. The company initially made a preliminary statement saying the hack was unlikely to be real. After a detailed study of the situation, the company's specialists confirmed what had been said earlier: no one got access to the production server.

The exploit appeared four days after the announcement of the program of cooperation with hackers

Every day, Pornhub is visited by 30 to 60 million people, and the site is an attractive target for many intruders: if you find a vulnerability and gain access to the server, all of these tens of millions of people become potential victims of malicious software, including ransomware and other malware. The total "profit" can be huge. It would seem that access to Pornhub should cost a lot of money, but Revolver asked only $1,000 for his exploit.

And this is despite the fact that the promised reward for detecting vulnerabilities of this kind is much more than $1,000.

Revolver (1x0123) is a well-known figure on the exploit market

Revolver himself is a fairly well-known figure; he made a name for himself by developing exploits for well-known sites. His name (or rather, nickname; he does not disclose his name) became known after a successful attack on the Mossack Fonseca server. It was this company that became the source of the “Panama Papers” leak.

A few weeks ago, the same hacker stole data from Naughty America's servers, and also developed an exploit to access the internal resources of the LA Times.

Revolver usually talks about his actions on Twitter. He has already reported problems with Telegram, SourceForge, the New York Times, Outlook.com, the US Land Forces, and NASA servers.

On one occasion, he notified Edward Snowden of a vulnerability at the Freedom of the Press Foundation, for which he earned the thanks of the former cyber intelligence officer.

An ordinary joke?

But this time, Revolver was either joking or simply decided to gain some more popularity. In any case, Pornhub claims that no one has hacked into its server. By contrast, when the attacker gained access to LA Times resources, company representatives confirmed that their systems had been compromised. When Revolver reported a successful SQL injection against Mossack Fonseca, the company neither confirmed nor denied the hack. The Naughty America hack became known from the media, whose representatives did not contact the site itself for confirmation or denial. But here, perhaps, it is all true.

In the case of Pornhub, no one can confirm the fact of hacking - there are no technical details, nothing.



Representatives of the company say the following: “The Pornhub team studied the statement of the hacker 1x0123. Screenshots may look quite convincing for people who are unfamiliar with the company's infrastructure, but the attack described by the hacker is technically impossible. This incident is a clear hoax; Pornhub systems have not been hacked. The security and protection of our users is the most important task for Pornhub. We would like to remind everyone that Pornhub has a reward program for found vulnerabilities, with a maximum bonus of $25,000 for a confirmed vulnerability.”

On Reddit, a company representative said that Pornhub had managed to contact the hacker, and that he described the successful attack as uploading an image file with PHP code inside. But Pornhub servers are not configured to run PHP scripts, so this kind of attack is technically impossible. Consequently, everything Revolver said is a simple deception, a hoax.
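A defender-side illustration of the point above, added here and not taken from Pornhub or the original article: a Python screen for uploaded images that flags embedded PHP open tags, content that does not match the extension, and script extensions in the file name. The function name, the allow-lists and the sample bytes are assumptions constructed for the example.

```python
import re

# Magic bytes for the image types this hypothetical upload endpoint accepts.
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}
# Extensions a misconfigured web server might hand to an interpreter.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}
# PHP open tags; "<?=" can occur by chance in large binaries, so treat a
# hit as a reason to reject or re-encode, not as proof of an attack.
PHP_TAG = re.compile(rb"<\?php|<\?=", re.IGNORECASE)


def screen_upload(filename: str, data: bytes) -> list[str]:
    """Return the reasons to reject an uploaded image (empty list = accept)."""
    findings = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext not in MAGIC:
        findings.append("extension not in image allow-list")
    elif not data.startswith(MAGIC[ext]):
        findings.append("content does not match extension")
    # Double extensions such as name.php.jpg matter on servers that map
    # handlers by any extension in the name.
    if any(p in SCRIPT_EXTS for p in parts[1:]):
        findings.append("script extension in file name")
    if PHP_TAG.search(data):
        findings.append("embedded PHP open tag")
    return findings


# Constructed samples: a JPEG header followed by filler, with and without
# an inert PHP tag placed in the body.
CLEAN_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"
TAGGED_JPEG = b"\xff\xd8\xff\xe0" + b"<?php /* constructed marker */ ?>" + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in [("cat.jpg", CLEAN_JPEG), ("cat.jpg", TAGGED_JPEG),
                       ("cat.php.jpg", CLEAN_JPEG), ("cat.png", CLEAN_JPEG)]:
        print(name, screen_upload(name, blob) or "accept")
```

Content screening like this is a second layer; the control the company points to is that the server does not execute PHP from uploaded files at all.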

What does Revolver say? Well, an hour ago he posted this on Twitter:



What does it mean? It is unlikely that he will argue with Pornhub, and we will not see new proof from Revolver that the company's server was hacked. Unless, of course, the hack really happened.

Source: https://habr.com/ru/post/357084/

