Museum With No Frontiers Hacked, User Passport Credentials Leaked
A hacker using the Anonymous handle has posted a paste to pastebin that contains a leaked database from the Museum With No Frontiers (https://museumwnf.org/). The leak was announced late yesterday with a simple post that contains no real message, a link to a 5.6mb archive on anonfiles and a list of database tables and basic information from the Museums server which is located in Belgium. > Museum With No Frontiers (MWNF), an international non-profit organization founded in 1995 as a result of the Barcelona Declaration by Eva Schubert, with the goal of launching a formal partnership between the European Union and its Mediterranean neighbours, which recently resulted in the constitution of the Union for the Mediterranean. wikipedia
The leaked data contains personal information such as clear text passwords, emails and very sadly complete passport details including full names, addresses, passport ID’s, Passport issuers and passport types. Other information in the leak comes appears to be related to the museum and its contents and activities its involved with. Funny enough the hackers have claimed to censor any critical information in the release note, but it does not appear they have done this to the full.
Hacked by Anonymous. The file contains full database of museumwnf.org **i removed some stuff related to finance… **tables i find interesting have been marked with [#] only interested in passwords and personal stuff.
The leaked data that is critical is in a couple of different files which are raw database extractions and altogether about 1300 different people have had a range of personal information leaked with a bulk of these coming from the sites user registration which stores location, emails, full names and clear text passwords. The passport information is related to a table called co_experts_personal and contains complete personal information. The storage of personal data like this in an unecrypted state on unsecure websites should be classed as illegal as it is very damaging to people to have such information published online as it can be used very maliciously for a wide range of uses. ### Breakdown of Details
co_entities_contact_persons.html count: 2 column:emails, fax, phone, modile, first name, last name users.html count: 6 column:task email expire username comments password last_name first_name co_experts_r_personal.html count: 41 column:expert_id passport_validity languages birth_date birth_place languages_ro passport_date passport_number passport_issuedby co_experts_personal.html count: 147 column:expert_id passport_validity languages birth_date birth_place languages_ro passport_date passport_number passport_issuedby passport_issuedplace **museum_registeration.html **count: 1167 column: id city mode email country reg_date password user_name last_login Source: pastebin