Unfortunately for Philips, the r00tbeer gang have struck, and this time their target was the Dutch technology giant. In the process they managed to exfiltrate some data from the compromised Philips systems. It seems that a number of smaller databases were compromised during the attack and then leaked, exposing a few thousand records.
The records include names, telephone numbers, addresses, passwords and password hashes. Yup, that is right, plaintext passwords: one of the leaked databases, containing around 400 records, had user password information stored in plaintext. As usual with this sort of breach, it is fairly difficult to see what value some of this information may have. Yes, people use shared passwords, so it is possible that some of the leaked account information will work with other systems.
It also seems a lot of the passwords were pretty weak, alas a problem you get everywhere, with the usual passwords of 'password', '123456' and the like, so Philips are not the only ones at fault here. Sure, Philips did make some poor choices in having an application that uses plaintext passwords; maybe they should have their application developers and security team take a look at this handy Cheat Sheet on Password Storage by OWASP. Users are also at fault in not using more secure passwords; however, a secure password is of little use if the application stores it in an insecure manner.
r00tbeer have managed to bag themselves a couple of big technology scalps in the last couple of weeks: they also hit and defaced AMD's blog, as well as getting away with some data.