Thousands spammed by Seti@home hackers

Hackers have escaped with around 50,000 email addresses, after the Seti@home project was hacked last weekend.

A number of the email addresses taken have since been subjected to a major spam attack.

The organisation, which runs a distributed computing project to crunch data in the search for extra-terrestrial intelligence, confirmed that last weekend hackers gained access to the user database.

Although the organisation claims to have patched the hole, which existed in the project's proprietary database software, the hackers are estimated to have harvested around 50,000 of the 3.1 million user accounts involved in the project.

Following the breach, an unconfirmed number of users, estimated to be in the thousands, received spam and bragging emails from the hackers.

One such email read: "Dear Seti@home user. Seti@home Webpage been exploited. We have the intire user database as well all your information about you. SEE FOR YOURSELF. have nice day. regards UFCF Team 2001." (sic). The message also included a link to a free site hosted by Angelfire containing a list of the users' email addresses, but this was quickly removed because it violated Angelfire's terms and conditions.

Seti@home was also quick to stress that no other information, such as users' names or addresses, was compromised. Only email addresses were harvested by the hackers, possibly with the intention of selling them as spam lists to marketing firms.

It also stressed that because it is a not-for-profit project, it does not have the time or resources to repeatedly comb through code looking for bugs.

To make the system more watertight would require a rebuild of the client software, said Seti, an enormous task which the company has put on the back burner until it can find the resources to carry it out.