CTF365.com Website Hacked and User Information dumped on Pastebin
Yesterday I received a strange email displayed below. The email stated, “You’ve been compromised by cyberselfie” in the subject line. The email went on further to state.
“The security of a pentesting lab… a fucking joke…and they expect people to pay for such a crappy platform where the security is shit!!!
http://pastebin.com/c5a4bb1z
http://www.zone-h.org/mirror/id/23304152
http://www.zone-h.org/mirror/id/23304154”
I knew I had created an account on CTF365.com a while ago, I had heard some really good things about the site at a security conference, so my interested peaked and I immediately went over the their site. When I got there to my surprise I was greeted with the following page.
So what is CTF365.com?
CTF365 is a “Security Training Platform for IT industry with a focus on Security Professionals, System Administrators and Web Developers”. The Platform implements CTF (Capture The Flag) concepts and leverages gamification mechanics to improve retention rate and speed up the learning/training curve.
As of this morning, the site is still not functional, but we hope they can recover soon. The site provided a great training platform to individuals interested in learning more about information security defense and attacks in a fun manner. I have reached out to the staff on CTF365.com for more information. Below are some of their resent tweet about the breach.
So far only username and email addresses were exposed. Investigation continue. #CTF365
— CTF365 (@CTF365) November 25, 2014
We’ll keep updates in here FB and G+ @securityorb Investigation continue.
— CTF365 (@CTF365) November 25, 2014
As we discover more information we will share it with you all.
Email addresses and usernames were leaked. not passwords as you have in the title.