Earlier on 5th November a well known hacker group, Hack the planet had released a Zine which contains breached information on 2 well known website image service Imageshack and anti virus giant Symantec and a 0 day exploit has been released for ZPanel Hosting control panel systems.
Even though the leak is clearly marked as being done by HTP other media has been reporting these two attacks as part of Anonymous #Nov5 attacks which have started today.
The leaked data was uploaded to various places, and contains a heap of information from the Imageshack server as well as all the exploits or vulnerabilities they had found and a reason behind the attack ”Well, we like a challenge, so we decided to find out what changes were made. “.
NBC’s site wasn’t the only one to have been hacked because of Guy Fawkes Day. Over the past day, a number of apparently Anonymous-affiliated hackers have gone after LG, ImageShack, Symantec, and other sites, either defacing them or publishing what they claim is private data. In the former category, Argentina’s Caja Popular bank temporarily bore an AntiSec banner and a manifesto supporting Jeremy Hammond, who was arrested as part of a sweep against LulzSec in March. The site now appears to be down. In the latter group, the evidence of hacking is less clear but the implications potentially worse.
“IMAGESHACK HAS BEEN COMPLETELY OWNED, FROM THE GROUND UP.”
One Pastebin document contains what its authors say is data from ImageShack and Symantec servers; they claim that “ImageShack has been completely owned, from the ground up. We have had root and physical control of every server and router they own. For years.” In another incident, “UR0B0R0X” posted account email addresses and password hashes allegedly from LG Smart World, and someone else uploaded the alleged details for 28,000 PayPal accounts.
With the exception of the highly visible Caja Popular hack, these security breaches haven’t been confirmed. PayPal’s Anuj Nayar has said on Twitter that the company has “been unable to find any evidence that validates” the claim. Symantec told us that it is investigating the alleged hack but that “we have found no evidence that customer information was exposed or impacted,” which doesn’t rule out some kind of compromise. Meanwhile, more incidents are still being reported as these loose combinations of prank and civil liberties protest continue through the 5th of November.
Update: The PayPal hack, at least, appears to have actually affected another service instead — it was reportedly targeting the ZPanel control panel.