
Ning, a DIY social networking platform with 90,000 networks and more than 100 million registered users, has been hacked. Reports detailing the vulnerability are flowing in from Dutch news sites, and according to Nu.nl, as many as all 100 million accounts were compromised through a process known as cookie injection.
From Nu.nl (via Google Translate):
The problem is with Ning, a platform for creating your own social networks. Everyone who registers gets a cookie placed in the browser. Students Angelo Geels and Alex Brouwer then figured out how they could change its content so that they were logged in as a different person.
From our own sources, we found that it was Dutch students from Mediacollege Amsterdam who discovered the vulnerability in March and created a video to demonstrate it, not to abuse it maliciously. In other words, this was a demonstration and no data was stolen, unless another, separate group of hackers discovered the security hole as well.
According to the students in question, they filed a similar report with Ning over a year ago, but it was ignored. Only recently was it discovered that the original vulnerability actually existed across all 90k networks, making it a much riskier issue.
Right now reports are mixed, but it appears Ning fixed the problem just in time, as reports started to surface today. We’ve contacted Ning and are awaiting a response.
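The Nu.nl excerpt above describes a cookie whose content could be changed so that the visitor was logged in as someone else. As an added illustration (not Ning's code; the `uid=` cookie layout, the function names and the sample accounts are assumptions made up here), this sketch contrasts a server that believes an identifier stored in the cookie with one that rejects any cookie whose HMAC tag does not match:

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed demo key; a real service loads a long-lived secret from protected config.
SERVER_KEY = secrets.token_bytes(32)


def issue_unsigned(user_id: str) -> str:
    """Weak pattern: the cookie value is nothing but the account identifier."""
    return f"uid={user_id}"


def read_unsigned(cookie: str) -> Optional[str]:
    """Weak pattern: whatever identifier the browser sends back is believed."""
    key, _, value = cookie.partition("=")
    return value if key == "uid" and value else None


def _tag(user_id: str) -> bytes:
    """HMAC-SHA256 over the identifier, hex-encoded; only the server can compute it."""
    return hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest().encode()


def issue_signed(user_id: str) -> str:
    """Hardened pattern: identifier plus a server-computed integrity tag."""
    return f"uid={user_id}.{_tag(user_id).decode()}"


def read_signed(cookie: str) -> Optional[str]:
    """Return the user id only when the tag verifies; otherwise treat as logged out."""
    key, _, value = cookie.partition("=")
    user_id, sep, tag = value.rpartition(".")
    if key != "uid" or not sep or not user_id:
        return None
    # Constant-time comparison on bytes, so odd characters in the tag cannot raise.
    if not hmac.compare_digest(tag.encode(), _tag(user_id)):
        return None
    return user_id


def demo() -> dict:
    """Constructed case: the identifier is edited client-side, the tag is left as issued."""
    edited_plain = issue_unsigned("alice").replace("alice", "bob", 1)
    edited_signed = issue_signed("alice").replace("alice", "bob", 1)
    return {"unsigned": read_unsigned(edited_plain), "signed": read_signed(edited_signed)}
```

A random session token looked up in a server-side store gives the same tamper resistance and can also be revoked per session.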
Hat tip to @faridelnasire