6 comments

[ 3.1 ms ] story [ 25.0 ms ] thread
How did they extract such extensive information about him if he was just using a WP plugin?
I'm assuming the blog the kid used the plugin on had all sorts of info and links to his Twitter account, etc.

They left in his real name in one of the screenshots BTW.

IMO it's quite an entertaining SocEng attack. And he just wanted to get the latest version of a commercial WP plugin! hahaha! I was kind of expecting something more malicious: I thought either the source file he requested contained login credentials or other sensitive info, or he was going to send back a "patched" version with a backdoor in it.

Odd, how he went through all that trouble. Anyone know what the plugin does BTW? I haven't looked, is it that good? :)

Some people just REALLY hate paying for software. I've had users trying to get a discount on a $3 product because they saw a "enter promo code" box (for giving out free betas) on the payment page.

Of course, I removed the box :)

How much does this plugin cost?
So security minded they're using GPG, no wait ...