Hacker claims UFC.com customer data copied, threatens release

January 27th 2012

It was inevitable. As soon as Dana White openly challenged hackers to have another go at taking the UFC website down, it was only going to be a matter of time before they got to work.

Last week hackers redirected the UFC.com address to a page which likened the company to Nazis because of its support for the Stop Online Piracy Act (SOPA), which has been accused of threatening free speech.

Following the UFC on FOX 2 pre-fight press conference yesterday, White told reporters that the hack had been untroubling. He laughed it off and then directly addressed the hackers, challenging them to “do it again, do it tonight.”

They obliged. Within hours, reams of personal data concerning White had been posted online. It included two phone numbers, lots of previous addresses and some financial information. The information was fairly inconsequential by itself, but was put out there just to show how quickly and easily such data could be found.

While this was happening, the ‘hacktivist’ group Anonymous was cracking its knuckles and getting ready to get to work on its keyboards. White’s Twitter account was bombarded with messages from members who had taken offence to his statement that “the Internet [is] a place where cowards live… It's a place where cowards live. You [hackers] don't scare me.”

When White refused to retract the statement or apologise for it, attention turned to the UFC website once again. An infamous hacker with the handle ‘S3rver.exe’ hacked and defaced the web pages of both UFC.com and UFC.tv.

Having previously breached the online security defences of Sony Pictures and played havoc with their website, S3rver.exe apparently did not find it particularly taxing to break through the digital walls of the UFC domains.

“I hacked those 2 sites this morning. One of them has 60+ vulnerabilities and ufc.tv has XSS, BlindSQL Injection and other vulnerabilities,” he told SoftPedia. The SQL injection finding is noteworthy: it is considered a rudimentary form of hacking, and if that method was available, the UFC site has at least some poorly written code that could be exploited by hackers with fairly basic levels of skill.

Last week’s hack on the UFC site apparently did not involve any data stored on the site, such as credit card details of customers who had purchased from the UFC webshop. But the hacker responsible for the latest invasion has specifically stated that he has accessed and copied such data from the site. He says he will post the data to the torrent site PirateBay if there is further provocation from White.

While losing control of the site’s URL for a few hours is a minor inconvenience, having customers’ confidential data made freely available would be a huge problem for the UFC and may even leave it legally liable to anyone who suffered as a result.

According to the Twitter feeds of several prominent hackers, more attacks on UFC webspace are planned for tomorrow.

 https://twitter.com/#!/s3rverexe