Report: TeamGhostShell pwns

A hacker with links to TeamGhostShell claims to have pwned and owned, a website dedicated to IT professional seeking jobs in the financial sector.

The hack and extract operation yielded extensive data on thousands of job applicants, including names, mailing addresses, email addresses, usernames, hashed passwords and phone numbers – all of which were publicly posted online. 

“GhostShell has been leaking left and right all kinds of targets. Well, we’re here to bring some sort of order to it which is why this district will function solely to provide leaks from an economical point of view,” a a hacker named Masakaki wrote in a TeamGhostShell communique. 

“What better target to pick as a first release, than the place that puts all markets to shame in the world. Wall Street. IT Wall Street owned [We now have] 3,000 resumes to trade on the black market.”

A ComputerWorld analysis of the above-mentioned data dump positively identified salary ($40K-$400K) and bonus expectations, along with feedback on specific candidates culled from multiple email threads and various phone interviews.  

Breached profiles appear to have ranged from entry-level to senior management, all of which included extensive lists of references apparently supplied by job candidates.

It should be noted that Andiamo Partners, the New York-based recruiting firm that operates the website has yet to either confirm or deny the breach.