Teens just love using social networks for everything from posting naked photos online to wasting time during class at school. We also know that parents have little idea what teens get up to online but, it would appear, the teen online love affair has not gone unnoticed by young hackers who are actively targetting their fellow teenagers.

Researchers at the Imperva Application Defense Center have uncovered a new hack attack which specifically targets teens using the popular Habbo Hotel virtual world come social networking site. Since it launched in 2000, Habbo Hotel has gone on to see around 75,000 new avatars being registered daily and with monthly visitor totals of around 8 million uniques you can see why it might present an attractive target for hackers looking to spread malware or spam to a 'trusted' circle of freinds via compromised accounts.

According to Imperva ADC it was pretty easy to do the detective work that uncovered the Habbo Hotel attack. First researchers searched the T35 hosting site, favoured by certain hackers as it allows for PHP execution as well as providing sufficient free space for their nefarious purposes, using a simple filetype search for passwords stored as plain text at t35.com

This revealed a site, the URL of which I will not repeat here as it appears to still be up and running, containing a directory listing of thousands of Habbo Hotel users with data such as username, password, birthdate, email and snail mail details of both the user and their parents.

A little further digging found the alledged hacker behind the listing, openly bragging online about how the data was obtained courtesy of some simple phishing. Imperva says that the hacker had an Habbo account before being banned there by the name of chewingbum, and T35 also had a hosted site (since taken down) with the same name which acted as a phishing site for Habbo in the UK by tempting "the very young and innocent" to "give away their credentials for a promise of some game prizes".

Could it be that the people you might expect to be the savviest when it comes to online security, that is the generation that has known nothing other than a totally connected world and for whom social networking and virtual worlds are second nature, are actually more vulnerable to social engineering than you might think?

204 Views
About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to Forbes.com, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...

Thanks for sharing this article. This is horrifying.

Thanks so much for the tips, keep posting... :D