Customers Who Wanted to Hire Hackers Have Been Exposed
Technology // Web Services
A security researcher figured out a way to match the anonymous users of a hacker-for-hire website with their names, phone numbers and addresses.
Hacker’s List is like a Craigslist job board, but for hackers, according to Fusion.
“People who worried their significant others were cheating posted requests for a hacker to break into Facebook accounts, get Gmail passwords, and copy WhatsApp logs. Struggling students sought computer experts who could break into their schools’ computer systems and change their grades,” Fusion reports.
The site is accessible to anyone and Facebook users can sign in from their social network accounts.
Security researcher Jonathan Mayer, who wanted to see how a hacker economy operates, created a website crawler to gather data about what kind of projects were being posted and how much hackers were bidding on them.
But some might say he discovered a little too much.
“There’s an API for getting contact information associated with a project,” Mayer said.
Update: After this report, Hacker’s List sent out an email to users letting them know that it was disabling its Facebook log-in. “As with any website we have places we can improve,” Hacker’s List founder Charles Tendell said. “I appreciate Mr. Mayers’ work and he pointed out a place to improve on privacy and security. Since his release we have taken steps to mitigate this sort or disclosure and encourage our users to not place personal information on their posts.”
Mayer wrote about his findings May 21, and included a spreadsheet with the raw data from the crawl which includes more than 6,000 job postings. Among them were: hack a husband’s WhatsApp messages, delete a hated rival’s Instagram account, and access an ex-employee’s email account to see if they stole intellectual property.
One user, who signed up as “NeedHelp,” wanted a hacker to “guarantee he’d be accepted to the university” of his choice. When contacted by Fusion, he said he received responses but “nothing serious.” When Fusion asked if he was surprised at being outed for using the site, he said, “I feel as exposed to doing this as you would to changing your clothes in a public dressing room… you know the risks.”