Sophos Cloud Optix
A gang of hackers known as SwagSec announced at the tail end of last week that they had hacked into Lady Gaga’s UK website and made off with a database of names and email addresses of fans. To prove their point, they published the stolen data online.
The press reported that a source close to Lady Gaga said that she was:
"upset and hopes police get to the bottom of how this was allowed to happen"
If she was upset, she made no mention of the hack on her Twitter page, and posted no apology to her UK fans for the poor website security. She wasn’t, however, too upset to tweet about Emmy award nominations or to drop a line to Cher about doing a duet remix.
Although it’s right that the authorities should be informed regarding SwagSec’s illegal activities, there should surely be some recognition at Gaga HQ that perhaps the website was doing a lousy job at securing its fans’ information?
Lady Gaga’s record label, Universal, said it had confirmed that the hack had occurred and said that police had been informed:
"The hackers took a content database dump from www.ladygaga.co.uk and a section of email, first name and last name records were accessed. There were no passwords or financial information taken. We take this very seriously and have put in place additional measures to protect personally identifiable information. All those affected have been advised."
The risk to users who had their details compromised, of course, is that they could have been the subject of targeted attacks. Imagine how many of them might have opened an attachment or clicked on a link if they received an email claiming to be about free tickets for a Lady Gaga concert, or a sneak preview of her new video.
But although Universal says that it has contacted everyone who was affected – can they be confident that they know the extent of SwagSec’s hack? After all, the hack is claimed to have occurred weeks ago, but was only made public by SwagSec at the end of last week.
Wouldn’t it be more open and transparent to have a message to fans of the Lady Gaga UK website, telling them all what occurred. I went looking and couldn’t find anything to warn the wider array of Lady Gaga fans.
You may remember that the SwagSec hacking group defaced Amy Winehouse’s website earlier this month as well.
One wonders what eccentric female troubadour they will target next..
You'd think the first thing they's do is post a warning on the site to its members. There doesn't appear to be any such notification to allow the gaga fanlets to change their email passwords. Very irresponsible.
What percentage of her many minions would regularly check security blogs??
Come on Graham, this article deserves at least one "poker-face" pun!
For a start, you missed this doozie of a headline:
"Lady Gaga website maintains 'poker-face' over database hack"
I'll let you have that one for free, but the next one will cost you. 😉
You do realise I'm more of a Joni Mitchell man, don't you?
I'm getting really tired of these posts condemning the victims in these crimes. It's like blaming somebody for getting robbed because they used a standard lock on their doors and windows, or blaming a girl for being sexually assaulted because she wasn't wearing a floor-length wool skirt.
Ultimately, the criminals are the guys who broke into the website, stole the information and then published it on the net. No question about it, and if I gave you any other impression I apologise. It wasn't my intention.
But from your tone I'm assuming that you believe the victim to be Lady Gaga, or the people who run Lady Gaga's website. Well, I'd agree that they are *some* of the victims – but the people who could suffer the most and *also* victims are the individuals who put their trust in the Lady Gaga website to be written securely and to take proper care of their personal data.
I'm with Mark on this one, Graham.. how about "My website wasn't hacked, it was born this way!" or maybe..
Rah rah ah-ah-ah!
Ro mah ro-mah-mah
Gaga Ooh-la-la!
Want your bad SQL script kiddie defense..oooh !
Maybe you should record that and send it to Chet as a new theme tune for his podcasts..
This kind of hacking is often to show off and get attention (for the hackers)… They have a NAME and want recognition for this. It is smart for her to stay quiet and not give them the recognition they want. She always seems pretty dedicated to her fans so I doubt she's just blowing the situation off. She may just be waiting to catch the hackers first and deal with legal complications before saying anything. People are often too quick to comment or "deal" with a situation that they don't think about what they are saying and if it is actually necessary or productive. Our generation of Twitter fiends are so used to word vomit that they assume she just doesn't care if she doesn't comment.
This is of course MY thoughts and speculation and it is possible that she really doesn't care. I don't really care, I'm just procrastinating on studying for my Arabic final and what better way to do that than write a novel on a relatively meaningless thread that nobody REALLY cares about 🙂
Much love and wish me luck!