
StrongWebmail CEO's mail account hacked via XSS

Written by Ryan Naraine on

A Webmail service that touts itself as hack-proof and offered $10,000 to anyone who could break into the CEO's e-mail has lost the challenge.

A trio of hackers successfully compromised the e-mail account using a persistent cross-site scripting (XSS) vulnerability and are now claiming the bounty.

[ SEE: Email service provider: 'Hack into our CEO's email, win $10k' ]

The hacking team of Aviv Raff, Lance James and Mike Bailey set up the attack by sending an e-mail to the company's CEO, Darren Berkovitz. When he opened the e-mail, the team exploited an XSS flaw to take control of the account.

They were able to follow the contest rules and record a calendar entry for one of Berkovitz's tasks that's due on June 26.

Robert McMillan reports that Berkovitz confirmed the authenticity of the calendar entry, but StrongWebmail has not yet confirmed the compromise or paid the promised bounty.

The researchers are not sharing details of the vulnerability. However, James has been posting screenshots of StrongWebmail's XSS problems on Twitter.
