A Webmail service that touts itself as hack-proof and offered $10,000 to anyone who could break into the CEO's e-mail has lost the challenge. A trio of hackers successfully compromised the e-mail account using a persistent cross-site scripting (XSS) vulnerability and are now claiming the bounty.
The hacking team of Aviv Raff, Lance James and Mike Bailey set up the attack by sending an e-mail to the company's CEO Darren Berkovitz. When he opened the e-mail, the team exploited an XSS flaw to take control of the account.
They were able to follow the contest rules and record a calendar entry for one of Berkovitz's tasks that's due on June 26.
Robert McMillan reports that Berkovitz confirmed the authenticity of the calendar entry, but StrongWebmail has not yet confirmed the compromise or paid the promised bounty.