The hacker DMT, part of the Team Dig7tal group, has made public some information he obtained after breaching the official website of the National Film Board of Canada (www.onf-nfb.gc.ca).
“I proudly present to you the dump from a subdomain of the National Film Board of Canada. It averages 1 million views a day, and it's website is worth about $6.8 million,” he wrote.
“Naturally you would think there would be tons of super sensitive info, but sadyl, there wasn't :( The juicy infoz was limited to user name and password data, among the applicants for a scholarship they run I guess.”
The hacker hasn't revealed the precise location of the vulnerability, but he has told us that he found it in about 4 minutes.
“There isn't really much to say about this hack, other than that Canadian government operated websites REALLY REALLY need to get some better security. I've come up with a personal little project of mine that is to hack Canadian government operated websites, so stay tuned everyone!”
From the user table, the hacker has leaked around a dozen email addresses, usernames, names, password hashes and telephone numbers.
The information stored in another table, called suzuku_application, which the hacker believes to contain the details of scholarship applicants, has also been published online.
The approximately 180 record sets include data such as email addresses, names, phone numbers, contact information, and school details.
This is not the first time when DMT and his crew breach a major site to highlight its vulnerabilities.
On April 1, they leaked 139 records containing usernames and password hashes from the University of Palermo.
Other previous targets include the Los Alamos National Laboratory, the Photography Masters Cup, University of Nebraska-Lincoln, and the Dejen Aviation Industry from Ethiopia.