BGR India website hacked, company says old emails, hashed passwords etc dumped online

Hackers have reportedly compromised tech company BGR's (Boy Genius Report) India website and dumped its data containing emails, hashed passwords and other information on the Dark Web.

According to data breach monitoring service 'Under the Breach', hackers shared SQL databases from unsecured AWS (Amazon Web Services) buckets and one archive belongs to the BGR site in India.

The data leak was first reported by experts from the security firm Under the Breach. The full SQL backup contains emails, hashed passwords and other information, reports BleepingComputer.com.

"Actor dumps the MySQL database of http://bgr.in (@BGRIndia) a huge Indian tech news site! 2,000,000 monthly visitors, @BGR 11,650,000 monthly visitors! Hacked due to exposed s3 AWS bucket. Usernames, emails, passwords and more. Full SQL backup," tweeted Under the Breach.

Also Read: Hackers can use ultrasonic waves to activate Siri, Google to make calls, take images

In a statement posted on its website, BGR on Friday said an internal review has found that the exposed email ids and passwords belong to ex-employees of BGR India.

"All these email ids are now defunct and no longer in use. We, at BGR India, give safety and data privacy of utmost importance. At no point need any of our users to be worried about their personal data being misused," said the company.

A "full SQL dump" refers to all the posts on the site along with access credentials for authors and administrators.

The experts from Under the Breach said that credentials were stored in hashed form, converted with a function in WordPress.

"In most cases, hackers pay to have the hashes cracked. On some specialised sites, this service is advertised at a reasonable price."

Also Read: 7 in 10 organisations saw hacking attempts via IoT

According to the hackers, the overall dump contains at least 36,000 emails and logins for other affected websites like tradinggame.au.com and S3 Production.

Experts from Under the Breach found 16 SQL dumps contained in a seven ZIP archive, said the report.

Launched in October 2006 in the US, Boy Genius Report is a popular destination for breaking consumer electronics news as well as exclusive early looks at unannounced products.

It started off as a column written by Internet personality Jonathan Geller, who later converted it into a website.