Trespassing Call of Duty players exploited an unseen vulnerability to gain access to a server containing sensitive person information.
Seacoast Radiology, a medical firm based in New Hampshire, has warned its clients to be on the lookout for possible identity theft after its servers were hacked by gamers looking to play Call of Duty: Black Ops. The server in question contained details like names, addresses, social security numbers, and medical histories for nearly quarter of a million patients.
In a message on a site established to inform people about the breach, clients were reassured that no credit card details were contained in the records, and not every record had a social security number attached. Investigators from ID Experts, who were brought in by Seacoast to determine the cause and source of the security breach, believe that the hackers only used the server to play games, and didn’t access any client information, but says that anyone affected should remain vigilant.
A system admin discovered the breach in November, after noticing an unusual drop in bandwidth. It’s not known exactly how long the hackers were using the server, but the vulnerability that they exploited has since been identified and fixed. Investigators think that the people responsible could be based somewhere in Scandinavia, although they also warn that anyone capable of hacking a server is also capable of spoofing an IP address.
Hopefully, this really is just the internet equivalent of trespassing. That doesn’t make it ok, but it’s a lot better than the much more malicious alternative of someone actively trying to take advantage of tens of thousands of sick people.
Source: The Register via Gizmodo