It turns out that even training people in ethical hacking cannot save you from getting hacked. EC-Council, an ethical hacking certifying body known for its popular Certified Ethical Hacker (CEH) certification, was hacked this weekend.
The photo IDs and passport scans of more than 60 thousand information security professionals who sought or obtained certification from EC-Council are now in danger of disclosure because of the breach. These professionals include people from agencies such as the National Security Agency, FBI, UN Military and United Nations.
Interestingly, Edward Snowden is one of those professionals: the hacker has posted his passport and experience letter from the NSA on the defaced page. The hacker also wrote this message on the EC-Council website homepage:
“Defaced again? Yep, good job reusing your passwords morons jack67834#
owned by certified unethical software security professional
Obligatory link: http://attrition.org/errata/charlatan/ec-council/
P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials”
Reportedly, the hacker used a DNS redirect to gain access to sensitive data stored at a location that was not properly protected. The hacker has claimed that he is “sitting on thousands of passports belonging to LE (and .mil) officials.”
According to CSO, the EC-Council website reportedly had various vulnerabilities last year.