ITWallStreet.com, a job board for IT talent looking to work in the financial district, was hacked on Wednesday – leaving some 50,000 users exposed. The attacker, going by Masakaki and claiming roots with TeamGhostShell, said the breach was part of a larger effort that focuses on financial institutions.
ITWallStreet.com allows users to “discreetly connect with Wall Street’s IT career community.”
The compromised data was released under the heading MidasBank, which was explained in a statement as a set of leaks, “from an economical point of view, institutional and educational, but primary, it will focus on the financial aspect of things.”
“With that being said, what better target to pick as a first release, than the place that puts all markets to shame in the world. Wall Street. IT Wall Street owned. Around 50.000 accounts compromised. The list contains both current, past, and rejected IT personal from Wall Street. The information is as detailed as ever with many other surprises in it. Please, enjoy.”
The leaked data consisted of names, addresses, email addresses, poorly hashed passwords, and phone numbers. A file with records of calls between recruiters and candidates was also included, including a list of references. Interestingly, the client list for ITWallStreet.com was also leaked, listing such firms as NASDAQ, Dow Jones, Wachovia, Goldman Sachs, and Morgan Stanley.
For a brief period after the initial appearance of the hijacked data, ITWallStreet.com was offline. They returned after an hour or so of downtime, but neither the website, nor their parent – Andiamo Partners – makes mention of the breach.
While the released data is bad enough, the final comment released by Masakaki – signed Supporters of Occupy Wall Street – was the promise that over 3000 resumes “were held in by MidasBank to trade them on the black market.”