High-profile hackings of 2015: Hemmakväll

In Information Security, by Team Acumin / 23rd October 2015

One of the highest-profile data breaches of 2015 was the hacking of the Swedish firm Hemmakväll, which got worldwide attention thanks to the public dumping of very sensitive data, including that of high-profile public figures.

What happened?

Hemmakväll is a popular video rental chain. In July 2015, its customer data was breached by hackers, who then publicly dumped it for all to see.

How many records were accessed?

Approximately 50,000 records were accessed. Data that was dumped included details of customers’ email addresses, home addresses, names and telephone numbers. Their passwords were also made public.

Many of the people whose data was exposed in this hack were members of prominent institutions, including the police, political ministers, and the Swedish Tax Agency.

Why it happened

A security hole in Magento, an e-commerce platform used to run a number of sites including Hemmakväll, was not fixed upon discovery. Hackers exploited this hole to gain access to the company’s database and copy its customer details.

What’s happened since?

When the data of Hemmakväll’s customers was released, it was found that their passwords were stored using the weak MD5 hashing algorithm, which meant that those inclined to do so were able to crack them extremely quickly.

Shortly after the breach was discovered, Hemmakväll took quick action to notify its users and set about changing all of the passwords used by customers on its website, in order to prevent further access to their data from malicious parties looking to exploit the sensitive data breach for their own gain.

Patches have also been made available so that users of Magento can remove the vulnerabilities from their websites that allow hackers to create fake admin profiles and, through them, access databases.