Windows Secrets Newsletter website hacked - gHacks Tech News

Windows Secrets Newsletter website hacked

Windows Secrets is known by many for its newsletter that gets sound out regularly to free and paid subscribers of the site. At its core, it is a news site that is publishing its stories on its website and the newsletter, with some articles released exclusively to paid subscribers of the service. Articles are written by professionals and experts making this one of the few newsletters around the web that is worth subscribing to.

It recently became known that the Windows Secrets Newsletter website got hacked. The attacker managed to brute force an administrator account to gain access to the site. Using the account, the hacker planted malicious code on the site to get access to the site's database and information. When subscribers and editors started to receive spam that appeared to come from Windows Secrets, site administrators began an investigation to find out what was going on.

They discovered the hacked administrator account and malicious code on the website, and removed all traces of the code and attack from the site. A full audit of the website, servers and sites on the same network is still undergoing.

windows secrets hacked

Windows Secret users need to know what has been compromised. According to site operators, the following information could have been exposed:

subscriber name, e-mail address, reader number, ZIP code (if applicable), geographic region, and hashed password — all the entries on your profile page.

It seems fairly certain that email addresses have been exposed, considering that users have received spam in the last days.  Payment information are not kept on site, and credit card processing is handled by a third party service exclusively. There is no indication at the time of writing that financial information were compromised in the attack.

It is recommended to change the account password at the earliest convenience on this page to protect the account from third party access. Subscribers who have used the same password on other sites should change it on those sites as well as it is likely that the attacker will try to use the email and password combination to log in on popular sites such as Facebook, Twitter or Google (provided that the brute-forcing of hashed passwords is successful of course). (thanks Ilev)

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. GiddyUpGo said on September 20, 2012 at 4:57 pm
    Reply

    I have been a subscriber to Windows Secrets almost from it’s beginning.
    I wonder why it took from the 11th to the 20th of Sept. before subscribers found out about the hack?

    1. Martin Brinkmann said on September 20, 2012 at 5:16 pm
      Reply

      They only seem to have found out on the 17th or so, and it takes some time to analyze and assess the situation.

  2. Tblogger said on September 20, 2012 at 6:10 pm
    Reply

    i am new to this site.Will it be safe to subscribe to its neWsletter now?

    1. Martin Brinkmann said on September 20, 2012 at 6:53 pm
      Reply

      Well you should be safe now, even though it may make sense to wait a few days for them to complete the full investigation.

  3. Jojo said on September 20, 2012 at 7:18 pm
    Reply

    Maybe the hacker didn’t get all email addresses? I have not received any spam email through the Win Secrets email address that I have allocated specifically to them.

    Speaking of Windows Secrets, the newsletter seems to be struggling the last 6 months. If it weren’t for Fred Langa, I am not sure they would have enough content to publish anything. Seems like a lot of writers bailed. What is the problem?

    1. Martin Brinkmann said on September 20, 2012 at 8:02 pm
      Reply

      I did not receive spam either, so there is a possibility for that.

  4. rick said on September 20, 2012 at 11:46 pm
    Reply

    There is a rumor that seems to have some traction and some sort of believability that it wasn’t a “hacker” but code left behind by one of the many site staff who have bailed. As Jojo noted, all has not been well for several months leaving Fred pretty much by himself and now with a serious mess to cleanup – if possible. As to why the exodus – I’ve heard that staff discovered the real $ being brought in, and “someone” didn’t want to amend the compensation arrangements.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.