Hello Nathan,
Not too long ago, you heard reports about, as well as on your website reported a "hacking" on the NZXT.com website. The security flaw on the website that allowed access to the administration panel was found by mistake. A user was looking at the NZXT Khaos, and had hit the buy now button to see how much it cost on the NZXT web store. However, when this link was clicked, it did not take the user to the web store, but instead an administration page which allowed access to any part of the website front end(Not to worry about the web store, as that appeared to be a separate administrative entity and therefore personal information should not be worried about, as this information was NOT accessed). The changes made to the NZXT website were not inteded to be malicious, it was more in the intent of proving to NZXT that they have a major security flaw that must be fixed, and also as somewhat of a "prank", as it is not often you get the chance to play such a "prank" on a large company.
- nzxt_login.jpg (22.85 KiB) Viewed 2431 times
However, you can still see the administration login page by looking on google cache, by typing "NZXT Administration" into google, the first few results will link to the pages with flawed security(which have since been removed). There was no actual username/password found, as any combination of username and password allowed access to the administration page. This was found after first discovering the first flaw. This points to serious questions about the security at NZXT, as such a page should have been included in the robots.txt file on the website, which after a quick look, it was discovered that it was not in robots.txt, and in a large corporation such as NZXT, should not have been accessible outside of their own internal network or a via VPN. If nothing else, the company should be grateful that there was very little done to the website, as much more could have been done, had there been malicious intent.
Last but not least, the people involved in this "hacking" have little to no experience with web programming, and those that do only have basic level knowledge of such coding as HTML, with no PHP coding knowledge. There was no malicious intent in the modifications of NZXT's website, and any alterations that were done were able to be easily reversed, as only four pages had any edits to them(one of which, is still in its edited state, but we will let NZXT have some fun on finding which one that is....however, "think outside the box" will be a great hint on finding it). If nothing else, this "hacking" just increased visibility and traffic of NZXT. We are just a bunch of hardware enthusiasts, and in fact we all love NZXT and many of the products they produce, such as the beta case which is a great case for someone on a budget and easily moddable with such things as a window or fans, along with the new fan LXE fan controller produced by NZXT, which is quite an exciting and revolutionary product.
Thank You,
Someone unknown who had a bit of fun after accidentally finding a security flaw on a website.
