The hackers posted information on the security breach on pastebin which itself contained links to the site privatepaste.com. These links are samples of the personal information the hackers have stolen including names, email addresses, occupation, date of birth, phone number and postal address.
Also the hackers commented that “This is first 100 emails from 200k list.I don’t want to share more because i will sell it.”According to V3 , Philips is aware of the incident and has taken action to minimise its impact. Philips is following its standard security incident response procedure and is collaborating with law enforcement.
“Within an hour Philips became aware of the event, the compromised server was shut down. We are assessing the nature and extent of information that may have been accessed and a full investigation is in place,” they said.This attack is another in a long list of very public security breaches and if the hackers have been able to steal over 200,000 records with personal details including postal addresses and phone numbers it potentially means the hackers could have gained further access to other Philips servers.
It is interesting to note that the hackers defaced a subdomain and not the main site. Hackers like to target smaller websites (even within a larger corporation) as these are often less well protected. This is what happened to Sony Pictures in 2011 when hackers breached an old competition website.