February 22, 2005
How Paris got hacked?
Not really a spam story, but still email-related. You've probably heard about the repeated hackings of actress Paris Hilton's T-Mobile online account. In this article for O'Reilly Network, I report that her dog may indirectly be to blame.
Like many online service providers, T-Mobile requires users to answer a "secret question" if they forget their passwords. For Paris Hilton's account, the secret question was "What is your favorite pet's name?" By correctly providing the well-known answer, any internet user could change Hilton's password and freely access her account.
Thanks to the anonymous Internet user who tipped me off about this vulnerability, which has apparently persisted for almost a year, despite the high-profile and ongoing attacks on Hilton's account. (T-Mobile corrected the problem today.)
Posted by brian at February 22, 2005 6:40 PM
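The weakness described above is that a fact anyone can look up was enough, on its own, to change the password. As an added example (not code from the original post or from T-Mobile), here is a reset flow that instead requires proof of control of a registered contact channel; the class name, callbacks and policy values are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60   # seconds a token stays valid (assumed policy value)
MAX_ATTEMPTS = 5      # wrong tokens tolerated per request (assumed policy value)

class ResetService:
    """Hypothetical reset flow: proves control of a registered contact
    channel instead of knowledge of a fact other people can look up."""

    def __init__(self, send, set_password, clock=time.time):
        self._send = send                   # callable(contact, token), out-of-band delivery
        self._set_password = set_password   # callable(user, new_password)
        self._clock = clock
        self._contacts = {}                 # user -> registered contact address
        self._pending = {}                  # user -> [token_hash, expires_at, attempts_left]

    def register(self, user, contact):
        self._contacts[user] = contact

    def request_reset(self, user):
        contact = self._contacts.get(user)
        if contact is not None:
            token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
            digest = hashlib.sha256(token.encode()).digest()
            self._pending[user] = [digest, self._clock() + TOKEN_TTL, MAX_ATTEMPTS]
            self._send(contact, token)
        # Identical reply for known and unknown users: no account enumeration.
        return "If the account exists, reset instructions have been sent."

    def complete_reset(self, user, token, new_password):
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user]         # expired or locked out: start over
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(presented, digest):
            entry[2] -= 1                   # count the failed guess
            return False
        del self._pending[user]             # single use
        self._set_password(user, new_password)
        return True
```

Only the token's hash is stored, so a leak of the pending-reset table does not hand out usable tokens.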
Comments
Brian,
That is definitely an issue - good call! Although, Hilton's Sidekick account was actually just one of many hacked along with many others by the T-Mobile hacker Nicholas Lee Jacobsen (including that of the Secret Service agent who was at the time investigating the hacker). See http://www.aunty-spam.com/t-mobiles-trusty-sidekick-caught-in-compromising-position/ for more info.
Aunty Spam
Posted by: Aunty Spam at February 23, 2005 4:42 PM
Yes, as I mentioned in the article, Hilton's personal information has been floating around the Internet for around a year, since "Ethics" found his way into T-Mobile's customer account management system. As I reported, he was among the first to discover that Hilton used a weak password -- and an even weaker password hint!
Posted by: Brian at February 23, 2005 8:50 PM