The new hacker collective "r00tbeersec" has struck again — and this time, it matters.
More than 350 passwords, full names and email addresses belonging to Italian customers of the Dutch consumer electronics giant Philips were posted online today (Aug. 20). The Italians had apparently purchased Philips flat-screen TVs with interchangeable colored frames some years ago.
That came one day after r00tbeersec revealed the usernames, email addresses and hashed passwords of nearly 200 employees and associates of chip-maker Advanced Micro Devices. While annoying, the AMD breach was less serious because the passwords were strongly encrypted.
The difference with today's breach was that the Philips customer passwords were in plain text, meaning anyone can now log into those Philips customer accounts — and any other online account where those users registered the same email address and password.
Philips is Europe's leading consumer-electronics company, and also makes many medical devices. Together with Sony, it developed the compact disc audio format.
The hackers also got into other Philips databases, some of which seem to have been created for one-time promotions or for region-specific Web pages.
For example, r00tbeersec posted the email addresses, full names, street addresses, postal codes, birth dates and phone numbers of about 300 Philips customers in Scandinavia and Finland.
While no password information was disclosed, the combination of all the other information means those Nordic residents are now prime candidates for identity theft.
The hackers also posted:
— Email addresses and real names of about 300 subscribers to a professional newsletter (including Philips employees)
— Email addresses and real names of more than 2,000 Europeans who gave reasons why they loved their Philips universal remote controls
— Email addresses of nearly 2,000 Belgian users of Sonicare electric toothbrushes
— 197,000 email addresses without any other information
Remember, the best way to avoid collateral damage from a data breach is to use different passwords for every online account you have — or at least for every online account that has any sort of financial or personal data, such as your birth date, attached.
If you fear you might already have become a victim of a data breach, head over ShouldIChangeMyPassword.com, which keeps a database of compromised email addresses.