The popular news and classifieds website KSL.com was hacked by cybercriminals on Wednesday, October 11, 2023, exposing the personal information of millions of users. The hackers claimed to have stolen the names, email addresses, phone numbers, and passwords of the users, and threatened to release them publicly unless they received a ransom of $10 million in Bitcoin.
How the hack happened
According to a statement released by KSL.com, the hack occurred around 9:20 a.m. IST, when the website’s servers were breached by an unknown group of hackers. The hackers exploited a vulnerability in the website’s software, which allowed them to access the database containing the user information. The hackers then encrypted the database and demanded a ransom for its decryption.
The website’s security team detected the breach within minutes and shut down the servers to prevent further damage. The team also notified the relevant authorities and launched an investigation into the incident.
What the hackers want
The hackers contacted KSL.com via email and claimed to be part of a notorious cybercrime group called DarkSide. They said they had stolen the data of over 50 million users and would publish it on the dark web if their demands were not met. They also said they had proof of their attack and sent screenshots of some of the data they had accessed.
The hackers demanded a ransom of $10 million in Bitcoin, a cryptocurrency that is difficult to trace and regulate. They gave KSL.com 48 hours to pay the ransom or face the consequences.
What KSL.com is doing
KSL.com said it was working with law enforcement agencies and cybersecurity experts to resolve the situation and restore its services as soon as possible. The website also said it was taking steps to enhance its security measures and prevent future attacks.
KSL.com apologized to its users for the inconvenience and urged them to change their passwords as a precautionary measure. The website also advised its users to be vigilant and avoid clicking on any suspicious links or opening any attachments from unknown sources.
What users can do
Users who have registered accounts on KSL.com should change their passwords immediately and use strong and unique passwords for different websites. Users should also monitor their online accounts and credit reports for any signs of identity theft or fraud.
Users who have posted or responded to classified ads on KSL.com should be careful of any potential scams or phishing attempts. Users should not share any personal or financial information with anyone they do not know or trust, and should report any suspicious activity to KSL.com or the authorities.