ACS:Law Email Database Leaked onto The Pirate Bay
September 24, 2010
There appears to have been a serious data security breach on ACS:Law's website today, as the website's root directory was temporarily exposed for several hours. One of the files may have been a backup file of the website, which possibly included the firm's email correspondence of solicitor Andrew Crossley.
ACS:Law's website was initially brought down a well organized Denial of Service (DoS) attack that also targeted the MPAA, RIAA, BPI, Aiplex, and Davenport Lyons websites. The ISP hosting ACS:Law's website did the smart thing and suspended the account, preventing any further access to the site. However for some reason, the site became responsive again this morning, but not pointing to the typical ACS:Law website. Instead it pointed to ACS:Law's root directory - and possibly a treasure trove of information. How the site became activated is unknown, but could present an cataclysmic data breach, as a torrent file
claiming to be the internal email database of ACS:Law and solicitor Andrew Crossley has been posted to The Pirate Bay and on the web
According to the info file accompanying the torrent, the exposure of the email database is an extension of Operation Payback. The individuals behind the attack, know as "Anonymous", extended their DoS attack after Crossley told the Register, "It was only down for a few hours. I have far more concern over the fact of my train turning up 10 minutes late or having to queue for a coffee than them wasting my time with this sort of rubbish."
The website database file seems to have been snatched when the opportunity presented itself - how this happened is currently unknown. We are currently looking into the validity of this event, and will confirm or deny after our investigation soon.
We have confirmed that ACS:Law email account has been compromised. The HTML version of the emails covers about a month worth of data. There is a larger file that could contain a larger spread of content - we'll report when we receive further clarification.
There are several versions of the email database circulating. Andrew Crossley's personal emails cover approximately a month's worth of data, but various other emails (such as the ACS:Law's inbox and other employee accounts) cover much longer periods of time.
This story is filed in these Slyck News categoriesYou can discuss this article here
- 17 replies