Ning security hole discovered - as many as 100 million accounts compromised
Ning, a DIY social networking platform with 90,000 networks and more than 100 million registered users, has been hacked. Reports are flowing in from Dutch news sites detailing the vulnerability, and according to Nu.nl, as many as all 100m accounts were compromised through a process known as cookie injection.
From Nu.nl (via Google Translate):
The problem is with Ning, a platform to create their own social networks. Everyone who registers gets a cookie in the browser provided. Students Angelo Geels and Alex Brouwer overtook then how they could change the content so that they are logged in as a different person to book stood.
From our own sources, we found that it was Dutch students from Mediacollege Amsterdam that discovered the vulnerability in March, and created a video to demonstrate it — not to abuse it maliciously. In other words, this was a demonstration and no data was stolen, unless another, separate group of hackers discovered the security hole as well.