Saturday, June 24, 2017
Home / Security / Breaches / National Institute of Health hacked 5000 user credentials leaked

National Institute of Health hacked 5000 user credentials leaked

A hacker going by the name KillCode has leaked over 5208 account credentials allegedly stolen from the IT Service Desk domain of the National Institutes of Health website (itservicedesk.nih.gov).

The leak comprises data found from the “dbo.User_Staff_JOIN” table of the “Remedy Mirror” database, and it includes password hashes, email addresses and usernames in the dump.  Luckily, the passwords appear to be decently encrypted.

At the time of this post, the site is down.  It appears like the admin of the site is patching the security flaw.

The hacker also revealed a XSS Vulnerability in a couple of high profile sites which includes Federal Aviation Authority (faa.gov) site, United States Air Force (airforce.com).

http://www.anonpaste.me/anonpaste2/index.php?f66e175690c6e859#K7+wRJKOEyqudHgnaXWcobPZdySSxrd2mZxsp0NzFOQ=
 http://www.anonpaste.me/anonpaste2/index.php?4ecd93394d6f7f5f#rq8lS4qTfDEkgp3VtR1ibqmCnqsHCX4mmPhwmH45KSI=

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Top Massachusetts hospital suffers a data breach

One of the United State’s leading hospitals, Massachusetts General (MGH), has fallen victim to a …