Hacker defaces Zameen.com, leaks database online

Published: May 28, 2016
As much as 600MB of data was put up online by the alleged hacker for download. PHOTO: AFP

As much as 600MB of data was put up online by the alleged hacker for download. PHOTO: AFP

Pakistan’s leading real estate portal Zameen.com was reportedly hacked on Saturday.

A Twitter account, @TigerMate_bd, claimed that it was able to hack into the portal and dump confidential user data online. Leaked data included user names, encrypted passwords, email addresses, phone numbers and other sensitive information.

People on social media uploaded screenshots of the defaced website, with a message posted by the hacker.

It is still unclear how much user data was compromised but 600 megabytes of data had already been uploaded by the alleged hacker.

K-P Assembly’s website hacked, restored

To substantiate his claim, the alleged hacker, who is apparently operating from Bangladesh, also posted a link to Zone-H, an archive of defaced websites.

Once a defaced website is submitted to Zone-H, it is mirrored on the Zone-H servers and then moderated by Zone-H staff to check if the defacement was fake. However, the mirror is still on-hold and not verified as of yet.

The real estate portal is now back online but there is no confirmation on whether the information of its users has actually been compromised.

Later on, the alleged hacker said he is taking down the leaked uploaded online adding that “I think I’ve made my point. Taking down the source code + database.”

The Express Tribune made numerous attempts to contact Zameen.com’s representatives before publishing the story. The attack comes at a time when the real estate portal is holding two-day property expo in Lahore.


Facebook Conversations

Reader Comments (5)

  • Brainy Bhaijan
    May 28, 2016 - 10:21PM

    Not sure what software they were using, but nowadays WordPress or Joomla is the way forward.
    It is always better to use open source software. For example tribune.com.pk is using wordpress with cloudflare. As long as they keep the WP updated, nothing can get in.
    Notwithstanding disgruntled employees that is.Recommend

  • brainless bhaijan
    May 28, 2016 - 11:54PM

    why cant i find tiger mates twitter account Recommend

  • Basit
    May 29, 2016 - 12:21AM

    Passwords aren’t encrypted when stored in a database. They are hashed after appending a random salt (random string of characters). The hash and the salt are then stored in the database. When a user tries to login the salt is read from the database, appended to the password the user has submitted and the whole thing is hashed. If it matches the hash in the database then the user is successfully logged in.

    It’s designed this way so that if the database is compromised all you have are salted hashes that you can’t reverse. The salting prevents rainbow table attacks i.e. you can’t compare with pre-computed hashes of common passwords.

    This is the proper way to do it and one hopes the zameen.com guys did it like this.Recommend

  • May 29, 2016 - 1:07AM

    @Brainy Bhaijan:

    “As long as they keep the WP updated” How much would you pay me if i hacked into tribune ?Recommend

  • doggy-mate
    May 29, 2016 - 6:39PM

    just another marketing gimmickRecommend

More in Pakistan