Hackers are exploiting user-generated content features of social media websites, a study has revealed.
In March 2012, Lulzsec hackers attacked MilitarySingles.com and disclosed sensitive information on more than 170,000 members.
“Social networking, user-generated content and PHP-based applications are prevalent on the web, but this report gives pause to consider how easily sensitive personal information can be accessed through these channels,” said Amichai Shulman, chief technology officer at Imperva.
Many social media sites run PHP, a web development language common to more than 75% of websites. This makes them vulnerable to remote and local file inclusion attacks, which can be launched from user-generated uploads.
“The attack on MilitarySingles.com highlights the need for government and military personnel to have special policies regarding social networking, to prevent their information from being easily accessed and manipulated,” said Shulman.
Imperva believes more than 90% of the MilitarySingles.com passwords were cracked in 9 hours. This points to a need to encrypt passwords to prevent future breaches, the company said.
The findings of the research call into question whether it is appropriate for military and government employees with links to sensitive information to participate in social networking websites, said Shulman.
“The findings suggest new public security policies may be required to prevent future breaches,” he said.