Thousands of subscriber accounts from political site Infowars are reportedly being traded on the dark web. The accounts come from a breach that occurred in 2012. The breach stems from the site's Prison Planet TV section, which provides paid members access to Infowars content. User data including email addresses, usernames and poorly-hashed passwords were found circulating the digital underworld.
According to a report by Motherboard – who was provided with the leaked data by the breach notification site Databases.Land – around 50,000 user accounts were reportedly compromised, however, every record displayed appeared to have been included twice in the data. This led to the original number of the records erroneously being displayed as almost twice as what was actually breached.
"Infowars has investigated and examined the latest dump and determined that the information comes from the 2012 incident. At the time of that breach, Infowars notified users, reset passwords and took numerous steps to harden our systems to prevent further attacks," Infowars said.
Reports indicate that the passwords were hashed with the MD5 algorithm, widely considered to be a weak hashing technique, which in turn made it easier for hackers to crack the passwords. Motherboard has claimed that they successfully cracked passwords for quite a few user accounts themselves using a free online service. Of the 20 email addresses and corresponding usernames tested, 19 were found to be linked to accounts on the Infowars site.
"Although the information being reported is outdated, Infowars has once again forced a password reset in order to ensure the safety of prisonplanet.tv users," the site said.
A spokesperson for Infowars, Buckley Hamman claimed that the site no longer used MD5 to hash passwords. "We haven't used MD5 for almost five years," Hamman told The Hill. "It was probably someone trying to make a little money," he speculated.
It is unclear as to how the user accounts were stolen and leaked online and the number of affected users is also not known. Reports speculate that since the user accounts were in SQL format, hackers may have used an SQL injection, which is an age-old way to gain access to database servers.
Infowars or Prison Planet TV, focuses on current political issues in the US. The site's founder Alex Jones is notorious for his controversial perspectives and the site is widely considered to promote conspiracy theories, the recent examples of which include one report about the devastating Orlando shooting incident being a false flag operation and another about Democratic presidential candidate Hillary Clinton having resorted to cheating to open a jar of pickles on the late night show Jimmy Kimmel Live.