Report From EC-Council : On May 16th, 2013, EC-Council was notified of an article that stated an alleged hack had taken place on EC-Council Servers. Upon notification, EC-Council immediately investigated the issue. Contrary to the news reported by E Hacking News this week, EC-Council did not suffer a breach, nor was it the victim of a hacking incident.
EC-Council takes these types of incidents very seriously and conducted an extensive investigation as soon as it was notified about the allegation. EC Council’s Information security experts reviewed the information shared through E Hacking News, which is apparently based out of Chennai, India.
EC-Council has determined that the information that was purportedly obtained by the individual by hacking into EC Council’s website was actually obtained due to a human error that allowed “Directory viewing” while a non-production environment was under development. This configuration allows a visitor to view the contents of a web directory much like visiting a web page, however instead of a webpage, the user is able to see links to files in web directories.
This was not a breach and no systems were affected. The files contained in the listed directories were encrypted binary .Resource files; primarily DRM (Digital Rights management) protected documents that EC-Council makes available for download to paying students and organizations globally and some other non confidential files that were already in public circulation. No sensitive data or personal information was compromised.
By nature, these DRM protected documents are fully encrypted and require active accounts with valid credentials to access the contents therein. Files contained in these directories were .Resource files not served by IIS, just listed with read only rights preventing any download or modification of the original files. Directory browsing has been disabled on the one development server in question.
While re-iterating that fact that no hack took place and that no confidential data was compromised, EC-Council wishes to point out that these documents are copyrighted and are the Intellectual property of EC-Council. Copying, sharing or distributing them in any form without the permission of EC-Council is a violation of International Copyright Laws.
The EC-Council Community should always validate where downloads are hosted and ensure that they are always dealing with official files and links from an authorized partner of EC-Council, or EC-Council directly.
For questions or concerns about this or any other security related concerns, please contact firstname.lastname@example.org