
Hacker claims UFC.com customer data copied, threatens release

January 27th 2012

It was inevitable. As soon as Dana White openly challenged hackers to have another go at taking the UFC website down, it was only going to be a matter of time before they got to work.

Last week hackers redirected the UFC.com address to a page which likened the company to Nazis because of its support for the Stop Online Piracy Act (SOPA), which has been accused of threatening free speech.

Following the UFC on FOX 2 pre-fight press conference yesterday, White told reporters that the hack had been untroubling. He laughed it off and then directly addressed the hackers, challenging them to “do it again, do it tonight.”

They obliged. Within hours, reams of personal data concerning White had been posted online. It included two phone numbers, lots of previous addresses and some financial information. The information was fairly inconsequential by itself, but was put out there just to show how quickly and easily such data could be found.

While this was happening, the ‘hacktivist’ group Anonymous was cracking its knuckles and getting ready to get to work on its keyboards. White’s Twitter account was bombarded with messages from members who had taken offence to his statement that “the Internet [is] a place where cowards live… It's a place where cowards live. You [hackers] don't scare me.”

When White refused to retract the statement or apologise for it, attention turned to the UFC website once again. An infamous hacker with the handle ‘S3rver.exe’ hacked and defaced the web pages of both UFC.com and UFC.tv.

Having previously breached the online security defences of Sony Pictures and played havoc with their website, S3rver.exe apparently did not find it particularly taxing to break through the digital walls of the UFC domains.

“I hacked those 2 sites this morning. One of them has 60+ vulnerabilities and ufc.tv has XSS, BlindSQL Injection and other vulnerabilities,” he told SoftPedia. The SQL injection claim is noteworthy because it is considered a rudimentary form of hacking: if that method was available, it means that the UFC site has at least some poorly written code and could be exploited by hackers with fairly basic levels of skill.

Last week’s hack on the UFC site apparently did not involve any data stored on the site, such as credit card details of customers who had purchased from the UFC webshop. But the hacker responsible for the latest invasion has specifically stated that he has accessed and copied such data from the site. He says he will post the data to the torrent site The Pirate Bay if there is further provocation from White.

While losing control of the site’s URL for a few hours is a minor inconvenience, having customers’ confidential data made freely available would be a huge problem for the UFC and may even leave it legally liable to anyone who suffered as a result.

According to the Twitter feeds of several prominent hackers, more attacks on UFC webspace are planned for tomorrow.

 https://twitter.com/#!/s3rverexe

Comments

  • Rod

    Posted at 21:26 on January 27th 2012

    Video won't play, is it supposed to?


  • NoName

    Posted at 23:27 on January 27th 2012

    It's a shame, this could ruin his brand. Also lead to him stepping down as CEO. If personal information like CC is leaked he is reasonable because his decisions to give permission / (challenge) hackers to do so. This could end up costing the company over 100 million dollars. Between lawsuits, and providing CC insurances for every single one of its customers for the next two years. I would not be surprised if this turns really bad and he is forced to step down as CEO and stay behind the scenes.

    Love watching UFC, but will not support ANY company that supports censorship.


  • Paul in South Africa

    Posted at 08:19 on January 29th 2012

    I am flabbergasted that the site was open to something as basic as SQL Injection. Any web developer with half a brain should have been able to stop that.
