Password Leaks Continue: Billabong, NVIDIA Accounts Compromised

UPDATE: A string of high-profile hacks against online forums and companies continued on Thursday, with news that forums hosted by the technology firm NVIDIA as well as the surf-ware vendor Billabong.

UPDATE: A string of high-profile hacks against online forums and companies continued on Thursday, with news that forums hosted by the technology firm NVIDIA as well as the surf-ware vendor Billabong.

A document posted on the Web site codepaste.net purports to contain both administrative- and user account information from the Australia-based clothing maker. The post, attributed to a group called WikiBoat, appeared on Wednesday. The group claims to have stolen information on 35,000 users of Billabong’s network. Also on Friday, graphics and visual computing technology firm Nvidia disclosed a breach of its user forums a week after mysteriously shutting them for unscheduled maintenance.

Nvidia told the Web site The Verge that the company was the victim of a “large scale attack by an unknown hacker.” The attacker was able to access a wide range of information on forum users including usernames, e-mail addresses and secured passwords (Nvidia claims their password values were both hashed and salted).

Billabong did not reply to a request for comment prior to publication of this story. In an e-mail response, Nvidia Vice President for Corporate Communications Bob Sherbin acknowledged that NVIDIA’s Forums, Developer Zone and Research sites were compromised in “what appears to have been a breach by third parties seeking sensitive information.” The company has suspended access to the sites and isn’t saying when they will again be available.

Sherbin acknowledged that account information was compromised on the Forums site, which has about 290,000 registered users. On DevZone, attackers took “some password hashes.” The company is still investigating the breach on NVIDIA Research, which only has around 1,200 users. 

The attacks are just the latest to nab high profile organizations. Search firm Yahoo! said this week that more than 400,000 users of its Yahoo! Voice service had their account information stolen in a computer breach at that company. Also, Android fan site Phandroid.com said that hackers compromised the AndroidForums.com site and stole user credentials there, as well

The attacks, which some have suggested are driven by a demand for e-mail addresses used to supply spam runs and targeted phishing attacks. They have raised questions, also, about the continued reliance on simple passwords to protect customer accounts, especially when that password information is stored in cleartext, as was the case at Yahoo!. 

Suggested articles

It’s Not the Trump Sex Tape, It’s a RAT

Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.