Teens just love using social networks for everything from posting naked photos online to wasting time during class at school. We also know that parents have little idea what teens get up to online but, it would appear, the teen online love affair has not gone unnoticed by young hackers who are actively targetting their fellow teenagers.

Researchers at the Imperva Application Defense Center have uncovered a new hack attack which specifically targets teens using the popular Habbo Hotel virtual world come social networking site. Since it launched in 2000, Habbo Hotel has gone on to see around 75,000 new avatars being registered daily and with monthly visitor totals of around 8 million uniques you can see why it might present an attractive target for hackers looking to spread malware or spam to a 'trusted' circle of freinds via compromised accounts.

According to Imperva ADC it was pretty easy to do the detective work that uncovered the Habbo Hotel attack. First researchers searched the T35 hosting site, favoured by certain hackers as it allows for PHP execution as well as providing sufficient free space for their nefarious purposes, using a simple filetype search for passwords stored as plain text at t35.com

This revealed a site, the URL of which I will not repeat here as it appears to still be up and running, containing a directory listing of thousands of Habbo Hotel users with data such as username, password, birthdate, email and snail mail details of both the user and their parents.

A little further digging found the alledged hacker behind the listing, openly bragging online about how the data was obtained courtesy of some simple phishing. Imperva says that the hacker had an Habbo account before being banned there by the name of chewingbum, and T35 also had a hosted site (since taken down) with the same name which acted as a phishing site for Habbo in the UK by tempting "the very young and innocent" to "give away their credentials for a promise of some game prizes".

Could it be that the people you might expect to be the savviest when it comes to online security, that is the generation that has known nothing other than a totally connected world and for whom social networking and virtual worlds are second nature, are actually more vulnerable to social engineering than you might think?

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

8 Years
Discussion Span
Last Post by antwar1986
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.