User-generated content is Achilles’ heel of social media sites

User-generated content is the “Achilles' heel” of social media sites, warns a new report by data security firm Imperva that examines the recent hack of the MilitarySingles.com site by LulzSec. 

In its report 'Dissecting a Hacktivist Attack', Imperva explained LulzSec was able to gain access to personal information of users on the MilitarySingles.com by using a remote file inclusion (RFI) attack against PHP-based applications, which compromise 77% of web applications.

In March Lulzsec Reborn said it had hacked into the MilitarySingles.com website and posted emails and other personal data of 170,937 accounts from MilitarySingles.com on Pastebin as part of the group’s Operation Digiturk. LulzSec exploited a vulnerability in the photo upload functionality on MilitarySingles.com to upload an executable file disguised as an image file and gained control over the server, Imperva explained.