A hacker claims to have accessed I-Dressup’s database through an SQL vulnerability, resulting in the leak of over 5.5 million user accounts.
I-Dressup Continues to Be a Vulnerable Internet Site
The security issue was reported two weeks ago. Because the bugs are still not fixed, the malicious hacker has started to expose user accounts from the I-Dressup site. The biggest problem is that the passwords are stored in plaintext, without any form of encryption, salting or hashing, which are usually the norm when storing private information.
The criminal also claims to have access to more than 6.6 million profiles, and he is offering to sell the remaining accounts (4.4 million) to interested parties.
The company has still not commented on the issue in any way. The site administrators have not responded to messages sent by cyber security experts and the media about the case.
The hacker has stated that it took him/her three weeks to obtain the cache of the contents, and that there are no countermeasures against the intrusion that could prevent the entire database from being exposed. The breach was made possible by an SQL injection attack that targeted issues discovered in the I-Dressup website.
The affected users are advised to consider closing their profiles temporarily to prevent their identity from being exposed. If they use the same passwords on other sites, they should change them immediately.
I-Dressup is a popular online site that is used primarily by computer users under 13 years to play makeover and dress-up games. The site also offers a forum section where users can blog and interact with each other.