Expo 2015 – Anonymous has stolen 1TB data from Best Union ticketing service

Pierluigi Paganini May 18, 2015

The Anonymous collective continues the wave of cyber attacks against the Expo 2015 Universal Exposition, the last victim in order of time is the Best Union.

Anonymous Italy continues to target the Expo 2015 Universal Exposition being hosted in Milan with a series of attacks under the Operation Italy (#OpItaly). The collective of hackers it targeting systems of the organization and the companies that are working for the event. The last victim in order of time is the Best Union, a company that manages the online service for the sale of the tickets.

The Anonymous attacks started on April 30, the day before the opening ceremony with a series of DDoS that hit the official website for the sale of tickets (https://tickets.expo2015.org). The cyber attacks went on intermittently for about two days.

The hacktivists are targeting the Expo 2015 to protest against the alleged corruption that has influenced the procurement of the works planned for the event. One of the messages that was tweeted during the attacks clearly referred the corruption:

“In un DDoS non c’è corruzione” (mean there is no corruption in a DDoS attack)

On May 1st, while people in the streets were protesting against the EXPO 2015, Anonymous hit again the website myexpo.expo2015.it.

While the organization of Expo 2015 minimized the effects of the attacks, Anonymous incessant continued its operation. Anonymous Italy published a new statement against the organization and the way it was managing the news related to the cyber attacks.

“For the record – the site of the online ticketing service has been out all night on April 30 and several more hours on the afternoon of May 1, their habit, to be so petty and liars leads them to lie in the face of evidence, not only, to declare publicly a news not true and absolutely false to not only admit their utter incompetence. Expect Us !!! .”

The hackers belonging to the Italian Wing of the collective targeted and successfully defaced the website of the padiglioneitaliaexpo2015 as illustrated in the following snapshot  took just after the attack. anonymous Expo 2015 defacement


The last attack against the service provided by the Best Union allowed the member of Anonymous Italy to steal data from the database of the server used by the company. According to the tweets sent by members of the group, the database dump contains “1 Terabyte of leaks” belonging to people that acquired the ticket online. It seems that the passwords were stored in clear text.

expo 2015 db dump 2

It’s clear that these people must be alerted urgently to avoid further cyber attacks. Despite Anonymous doesn’t intend to hit innocent people it is possible that the data could fall into the wrong hands, or that some criminal group starts a phishing campaign by exploiting the Anonymous Italy attack and asking unsuspecting users information to put them in security.

No doubt, Anonymous will continue its offensive against Expo 2015.
Stay Tuned …

Pierluigi Paganini

(Security Affairs – Expo 2015 , Anonymous Italy)

you might also like

leave a comment