Monday, May 16, 2022

Billabong Company site hacked by @GoatseSec

Billabong, a huge brand in the sports of skateboarding and surfing  has been hacked today after the hackers gained access to the database via a exploitable WordPress installation   The domain and exploit the hackers used to gain access has not been released yet.  @GoatseSec claims responsibility for this hack, they posted a status via their Twitter page after the act, you can view the tweet at the bottom of this post.

GoatseSec also posted a Pastebin contained more information about the hack. Accounts and password hashed data was leaked, totaling 11 user accounts.

GoatseSec said that in addition to the 11 user account leak, they have more they will be releasing and dumping to Pastebin.

Within an unknown amount of time we are expecting more data to be released from these databases which have the table name “north_shore_chronicles_wp” which gives small hint as to which part of the Billabong websites has been breached.

You can view some of the dump on Pastebin below.


                           _____            _             _____          
                         / ____|           | |           / ____|          
                        | |  __  ___   __ _| |_ ___  ___| (___   ___  ___
                        | | |_ |/ _ \ / _` | __/ __|/ _ \\___ \ / _ \/ __|
                        | |__| | (_) | (_| | |_\__ \  __/____) |  __/ (__
                         \_____|\___/ \__,_|\__|___/\___|_____/ \___|\___|
                                              Episode : 1 [Pt. 1]
                                       Title : Pwnin' the bongs.
                      Author(S) : TylerOfGoatseSec & RobTheGod (Catch me on IRC)

We goatsesec hold valuable information from the BillaBong database, we recently accessed the database from a PHP security flaw and figured that we'd exploit it. Also, more than 37,000 users are at risk due to this attack, we have a little spoiler for you, hours from now or even DAYS you will see the damage that can be done to a website because they cannot secure themselves. #GoatseSec




About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …