Just days after its launch, the consumer price watch portal 1pengguna.com was hit by a security breach that leaked the information of over 2000 users who had signed up. Online community portal Lowyat.net posted a screenshot of what seem to be the details of users who signed up with the portal.
Over the past few days, web developers and security folks had found several vulnerabilities on the website, and it was just a matter of time before something happened.
According to this Lowyat.net forum thread, several vulnerabilities were brought to light by RileksCrew, a Malaysian hackers group, and the admins were informed of them several days before, but no action was taken. The technique used to gain access to the website was a primitive SQL injection that should never have happened.
At least it looks like they made an effort to protect the passwords by hashing them, but if the hashes are MD5, there are ways and techniques to recover the original passwords.
The Star reported that the RM1.4mil website was developed by Sands Consulting Sdn. Bhd. At the time this article was published, we had yet to hear any official word from them regarding the security breach.
P/S: Read our previous writeup about the 1pengguna.com website.