1.11M Members

Phishing for teens in the Habbo Hotel


Teens just love using social networks for everything from posting naked photos online to wasting time during class at school. We also know that parents have little idea what teens get up to online but, it would appear, the teen online love affair has not gone unnoticed by young hackers who are actively targetting their fellow teenagers.

Researchers at the Imperva Application Defense Center have uncovered a new hack attack which specifically targets teens using the popular Habbo Hotel virtual world come social networking site. Since it launched in 2000, Habbo Hotel has gone on to see around 75,000 new avatars being registered daily and with monthly visitor totals of around 8 million uniques you can see why it might present an attractive target for hackers looking to spread malware or spam to a 'trusted' circle of freinds via compromised accounts.

According to Imperva ADC it was pretty easy to do the detective work that uncovered the Habbo Hotel attack. First researchers searched the T35 hosting site, favoured by certain hackers as it allows for PHP execution as well as providing sufficient free space for their nefarious purposes, using a simple filetype search for passwords stored as plain text at t35.com

This revealed a site, the URL of which I will not repeat here as it appears to still be up and running, containing a directory listing of thousands of Habbo Hotel users with data such as username, password, birthdate, email and snail mail details of both the user and their parents.

A little further digging found the alledged hacker behind the listing, openly bragging online about how the data was obtained courtesy of some simple phishing. Imperva says that the hacker had an Habbo account before being banned there by the name of chewingbum, and T35 also had a hosted site (since taken down) with the same name which acted as a phishing site for Habbo in the UK by tempting "the very young and innocent" to "give away their credentials for a promise of some game prizes".

Could it be that the people you might expect to be the savviest when it comes to online security, that is the generation that has known nothing other than a totally connected world and for whom social networking and virtual worlds are second nature, are actually more vulnerable to social engineering than you might think?

Member Avatar
Davey Winder

I'm a hacker turned writer and consultant, specialising in IT security. I've been a freelance word punk for over 20 years and along the way I have seen 23 of my books published, produced and presented programmes for TV and radio, picked up a bunch of awards and continue being a contributing editor with PC Pro - the best selling IT magazine in the UK .


Thanks for sharing this article. This is horrifying.

Isn't it about time forums rewarded their contributors?

Earn rewards points for helping others. Gain kudos. Cash out. Get better answers yourself.

It's as simple as contributing editorial or replying to discussions labeled or OP Kudos

This is an OP Kudos discussion and contributors may be rewarded
Start New Discussion
View similar articles that have also been tagged: