T-shirt Decorator Reports Unauthorized Access on Partners

Garment decoration service provider Spreadshirt has confirmed that re-used credentials were used to access partner websites.
In an email alert shared with Infosecurity, Leipzig-based Spreadshirt said that it was able to detect the unauthorized access attempts on partner accounts, which aimed to extract lists of addresses and passwords from the company's online platform.
“We conducted a comprehensive and thorough review of partner data for any questionable activity once we had become aware of the activity,” the message read.
In a second email sent today (6 January), Spreadshirt confirmed that “fraudulent log-in attempts to Spreadshirt Partner accounts have been made. The attacker(s) used lists of email addresses and passwords obtained from compromised online services and used them against Spreadshirt Partner accounts.”
The company believed that the attack was facilitated by credential re-use, and has implemented a password reset. In a statement issued to Infosecurity, a company spokesperson said: “We took action immediately when we noticed the first fraudulent logins and asked the affected Partners to change their passwords and check their payout details.
“Because the attack is still ongoing and because not all partners changed their passwords we decided to reset them in all affected accounts yesterday, 5 January. All other Spreadshirt Partners received an email yesterday asking them to change their passwords and giving tips on what a secure password should look like.”
Asked how it was able to detect the unauthorized access and in what time frame, the company said that it “reacted immediately and had taken all necessary measures to protect our Partner accounts”.
The spokesperson added that it “reacted immediately, reset the passwords of affected partners and asked all others to set new passwords and check their accounts.”
“The attacker's goal is to change the PayPal payout address for the commission payout in the Partner account and thus get the money. Spreadshirt partners have no financial damage. The commissions will be paid out with the next payout.” The company did not answer a question on how fast it was able to detect the activity, or whether any records were affected.

IT security consultant Tom Salmon, who alerted Infosecurity to the issue, said that this is quite a common attack vector, and he suspected that the access was detected due to decent monitoring.
“In this case, the compromise method was simple – the attackers used credentials previously stolen in other attacks to log in to Spreadshirt Partner accounts that had used the same username and password between multiple sites,” he said.
Salmon recommended monitoring publicly available databases of accounts known to have been compromised, and taking steps to temporarily disable any matching user account until its owner has changed their password. He added that if a site detects a high number of failed login attempts followed shortly by a successful login, there is a high likelihood that someone has guessed a password or tested a bulk list of credentials.
“If neither of these changes or indicators were actively monitored the final method of detection would be the affected users wondering why they were not paid. This would have triggered an investigation.”
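The failed-then-successful login indicator Salmon describes, expressed as detection logic over a constructed sample of partner-login events (an added example, not code from Spreadshirt or from the article; the log format and the partner names are hypothetical). It also goes one step beyond the article with a per-source check for one address trying many different accounts, the low-and-slow credential-stuffing pattern that a per-account failure count alone can miss.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of partner-login events: "<ISO ts> <account> <FAIL|SUCCESS> <source IP>"
SAMPLE_LOG = """\
2016-01-05T10:00:01 partner_a FAIL 203.0.113.7
2016-01-05T10:00:02 partner_a FAIL 203.0.113.7
2016-01-05T10:00:03 partner_a FAIL 203.0.113.7
2016-01-05T10:00:04 partner_a FAIL 203.0.113.7
2016-01-05T10:00:05 partner_a FAIL 203.0.113.7
2016-01-05T10:00:06 partner_d FAIL 203.0.113.7
2016-01-05T10:00:07 partner_e FAIL 203.0.113.7
2016-01-05T10:00:09 partner_a SUCCESS 203.0.113.7
2016-01-05T10:01:00 partner_b FAIL 198.51.100.2
2016-01-05T10:30:00 partner_b SUCCESS 198.51.100.2
"""

def parse_events(text):
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, account, result, ip = line.split()
            events.append((datetime.fromisoformat(ts), account, result, ip))
    return sorted(events)

def find_suspicious_logins(text, min_failures=3, window=timedelta(minutes=5)):
    """Accounts where >= min_failures failed logins within `window`
    were followed by a successful login (the indicator described above)."""
    recent = defaultdict(list)  # account -> timestamps of recent failures
    flagged = []
    for ts, account, result, ip in parse_events(text):
        fails = recent[account] = [t for t in recent[account] if ts - t <= window]
        if result == "FAIL":
            fails.append(ts)
        elif len(fails) >= min_failures:  # SUCCESS after a burst of failures
            flagged.append((account, len(fails), ts.isoformat(), ip))
        if result == "SUCCESS":
            fails.clear()  # a successful login closes the burst either way
    return flagged

def spraying_sources(text, min_accounts=3, window=timedelta(minutes=5)):
    """Source IPs that tried >= min_accounts distinct accounts within `window`,
    the low-and-slow pattern a per-account failure count can miss."""
    seen = defaultdict(list)  # ip -> [(ts, account)] within the window
    flagged = set()
    for ts, account, _r, ip in parse_events(text):
        seen[ip] = [(t, a) for t, a in seen[ip] if ts - t <= window] + [(ts, account)]
        if len({a for _, a in seen[ip]}) >= min_accounts:
            flagged.add(ip)
    return sorted(flagged)
```

Either hit is a reason to force a password change on the account (or hold the source) and to review any payout-detail change made in the session that followed.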