Helistin.fi, a Finnish media property owned by Darwin Media, was hacked last night. According to reports, all user credentials were shared online. The site hosts a popular bulletin board for young parents as well as a baby book service offered by the Finnish startup Starduck Studios. Intoloop Kids, the service Starduck Studios licensed to Helistin.fi, remains unaffected by the hacking. Henri Liljeroos, CEO, told us by phone that “the bulletin board on Helistin.fi was hacked and this does not affect users on our service, which is still up”.
The bulletin board on Helistin.fi was running phpBB version 2.0.2, released nearly a decade ago, and had not received any security updates since, Finnish Tietokone reports.
The “hacker” isn’t affiliated with the popular Anonymous movement, which has been gaining popularity in recent months. He simply signed into the Helistin.fi bulletin board with the admin password that had been shared on Ylilauta.fi (an anonymous public wall where anyone can share content) and turned the bulletin board off.
Not a very dramatic hack in the end, but a great reminder to everyone involved with services that rely on user authentication to keep security levels adequate. Sharing credentials from a baby forum doesn’t sound like a big crime, but what many fail to realize is that users use these same credentials on numerous other services, thus endangering their whole online identity.