[ISN] Hacker invades MuchMusic's Web site, lifts entrants' telephone numbers, ages

From: InfoSec News (isnat_private)
Date: Mon Aug 27 2001 - 05:52:49 PDT

  • Next message: InfoSec News: "[ISN] Teaching job for hacker"

    [While its rare for me to post news about website defacements, unless
    its a high profile site, like ACM, NASDAQ, or Attrition. :) I feel a
    need to post news about this defacement only because I *USED* to watch
    a great deal of MuchMusic's late-night programming in the USA. That is
    until the powers that be in Toronto decided they should drop a huge
    chunk of their Canadian programing and start a channel like MTV, 
    (a network still confused on what the M in MTV stands for), and start
    a whole new channel in the USA called MuchMusic.tv. Now not to sound
    like this is a rant. :) but one of the highlights of watching
    MuchMusic in the USA, was Ed the Sock, http://www.edthesock.com/ &
    with the new American programing, one of the Canadian programs to get
    nixed was Ed's show. While this is a show of a sockpuppet, Ed has some
    really fresh & bright viewpoints on pretty much everything, and its
    actually worth watching in a world of 500+ channels.   - WK]
    TORONTO (CP) [Aug. 24, 2001] - MuchMusic warned Thursday that some
    people who entered a contest on its Web site may have had their
    private information seized by a computer hacker.
    "We are sending this important message to alert you to the fact that
    we have reason to believe that our contest databases may have been
    compromised," reads an e-mail sent to contest entrants.
    Contestants gave their ages, telephone numbers, age, and other
    personal information when they visited the music channel's site.
    The issue came to light after some entrants received prank phone calls
    from someone claiming to be a MuchMusic employee.
    "We are taking these complaints very seriously and have launched an
    investigation," the MuchMusic e-mail reads.
    An advisory on channel's Web site Thursday night explained how to
    identify a phone call from a legitimate MuchMusic employee and urged
    kids under 18 to alert their parents if they receive a prank phone
    We are sending this important message to alert you to the fact that we
    have reason to believe that our online contest databases may have been
    Keeping your personal information confidential and secure is very
    important to us and we have taken appropriate steps to ensure that all
    such data remains private. However, as the Internet is not a 100%
    secure environment, there is the potential for your personal data to
    get into the wrong hands.
    Recently, we learned that some of our contest entrants received
    "prank" phone calls from people pretending to be MuchMusic employees.
    We are taking these complaints very seriously and have launched an
    If you receive a call from anyone telling you they are from MuchMusic
    and they ask you to do anything OTHER than to dial our headquarters at
    416 591 7400 followed by a four-digit extension, HANG UP. This is a
    prank phone call.
    If you are the victim of such a prank phone call and are under the age
    of 18, IMMEDIATELY tell your parents what has happened.
    In addition, the phone company suggests that you do the following:
    - dial *69 immediately following the prank phone call to identify the
    number of the caller. Write down the number and alert your local
    telephone company.
    - In the event the number is blocked, dial *57. This registers the
    call with your phone company. For further advice, you should then
    contact your phone company by dialing "0".
    Please note that the phone company bills you for these *69 and * 57
    Heres how you can tell a real MuchMusic contest call from a prank
    call: youll get a call between 9 a.m. and 7 p.m. local time from
    someone in either the MuchMusic Promotions department or the MuchMusic
    Website department. That person will simply give you their name, say
    theyre from MuchMusic, and ask you to call back MuchMusic headquarters
    at 416-591-7400, followed by a 4-digit extension. When you call back
    that number, you will reach that same MuchMusic employee or her/his
    voicemail. That SAME person will then call you back and start the
    contest process.
    If you have any questions, please send an email to
    contestsat_private Please make sure to put the following in the
    subject line: "Contest Security Question".
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Aug 27 2001 - 08:10:31 PDT