[ISN] ARRL Probing Web Server Breach by Hackers

Mike Check K5UCQ

For those that are ARRL members I have included an e-mail from a security subscription I receive.

If you utilize their website, I would recommend changing your password if it was established prior to April 2010. A hacker may have been able to obtain site usernames and passwords made during that time frame.


By William Knowles @c4i
Senior Editor
InfoSec News
October 10, 2014

Last month a web server at ARRL Headquarters was breached by an unknown party. ARRL IT Manager Mike Keane, said that League members have no reason to be concerned about sensitive personal information being leaked, and assures members that there’s nothing of financial value on the compromised server.

Some ARRL servers were taken offline and isolated from the Internet when the hack was discovered. Some web functions were temporarily disabled. The ARRL expects to restore service by close of business, on Wednesday, October 8, 2014

ARRL’s Mike Keane stressed that it is highly unlikely that any sensitive information was compromised. Any information the hacker might have been able to glean from the ARRL server, he said, is already publicly available — data such as names, addresses, and call signs that appear in the FCC database.

The hacker may have been able to obtain site usernames and passwords that were established prior to April 2010, and that have not been changed since then. ARRL members who have not changed their ARRL website passwords since early 2010 should do so at this as soon as possible.
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/