Research shows dangers of user-generated content

Hackers are exploiting user-generated content features of social media websites, a study has revealed

Hackers are exploiting user-generated content features of social media websites, a study has revealed.

The technique is highlighted in Imperva's latest hacker intelligence report by researchers who deconstructed a recent successful attack on

In March 2012, Lulzsec hackers attacked the site and disclosed sensitive information on more than 170,000 members.

“Social networking, user-generated content and PHP-based applications are prevalent on the web, but this report gives pause to consider how easily sensitive personal information can be accessed through these channels,” said Amichai Shulman, chief technology officer at Imperva.

Many social media sites run PHP, a web development language common to more than 75% of websites. This makes them vulnerable to remote and local file inclusion attacks, which can be launched from user-generated uploads.

“The attack on highlights the need for government and military personnel to have special policies regarding social networking, to prevent their information from being easily accessed and manipulated,” said Shulman.

Imperva believes more than 90% of the passwords were cracked in 9 hours. This points to a need to encrypt passwords to prevent future breaches, the company said.

The findings of the research calls into question whether it is appropriate for military and government employees with links to sensitive information to participate in social networking websites, said Shulman.

"The findings suggest new public security policies may be required to prevent future breaches," he said.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.