Security contractor G4S has apparently been hacked in retaliation for what the perpetrator claimed were "human rights violations".
The claim was made on Twitter last night, and was accompanied by a Leakster post which appears to contain details of G4S’ web infrastructure, as well as usernames and passwords for the security company’s various subdomains.
However, a G4S spokesperson said the company had found "no evidence of any breach of security".
"We have carried out a full investigation this morning into claims that G4S information systems have been hacked and we have found no evidence of any breach of security," the spokesperson said.
The hacker claiming responsibility, going by the tag CyberZeist, posted email addresses and hashed passwords supposedly taken from various G4S domains, including those in the US, Papua New Guinea and Australia. The passwords, according to the dump post, are stored as unsalted MD5 hashes.
A few hours after the hack was announced, CyberZeist tweeted that G4S had "silently patched" the hole which had allowed the attack, a SQL vulnerability at web address http://moodle.ec.g4s.com/moodle/course/category.php?id=[input string].
Upon examination, the dumped credentials appear to be genuine, with the leaked email addresses matching existing employees. In a tweet, the hacker promised to disclose G4S’ cracked password hashes to the public if it "denied the breach to protect its reputation".
G4S said it was "continuing to run a thorough check of all our systems."