http://i.imgur.com/lDZJonS.png

https://twitter.com/kanokochi/status/894750043063762944




http://i.imgur.com/hofLCWB.png

https://twitter.com/MichaelToole/status/894755357771276289






http://i.imgur.com/0RDcEf5.png

https://twitter.com/ANNZac/status/894755722155638785

Nasty business.

They're calling it "technical problems" on Facebook:
https://www.facebook.com/animenewsnetwork/posts/1500549403299533


Kinda disappointed on their response and lack of information. This is a situation that could potentially damage their user-base, the least they could do is be honest so that their members can take their precautionary actions if they deem it necessary.

Working domain right now:

http://www.animenewsnetwork.cc/


Edit:

Last night, Anime News Network suffered a pretty major hack, one that took down our original domain (www.animenewsnetwork.com) and compromised our email domain — meaning you can't reach us through any animenewsnetwork.com email accounts for the time being. Right now, you can't contact any of our staff using an animenewsnetwork.com email; it won't reach us at this moment.

Through this process, the hacker also compromised some of our Twitter accounts, like @anime and @animenewsnet as well as a handful of personal staff accounts like @ANN_Ed and @ANNZac. We're still working on cleaning all this up – it's a pretty involved process that may take some time, but for now we're live at AnimeNewsNetwork.cc. Please spread the word on social media, as this is our new (temporary) home for the time being! We'll be back with more updates as things progress – we apologize for the inconvenience, and shall rise again soon.

http://www.animenewsnetwork.cc/site-news/2017-08-08/update-what-going-on-with-anime-news-network/.119882

On August 7th, a hacker contacted my cell phone company to initiate the transfer of my number to a new sim-card. The hacker called 3 times, and each time they failed the security authentication. After three failures, they tried my cell phone company's online chat feature where they were able to convince a customer service representative (CSR) to make the transfer. At this time, it isn't clear to me if the CSR was negligent, or if the hackers did manage to exploit a weakness in my cellphone company's system, or my account, however the evidence currently suggests that it was a bad decision on the CSR's part that contributed to the successful hack.

Finding my phone number isn't particularly hard. It's on my business cards, it's on every e-mail I send, and it was in ANN's whois information.

With control over my cellphone number, the hackers were able to exploit “account recovery” features to gain access to one of my e-mail accounts. Of course, the e-mail account they targeted was the one used for ANN's domain registrar. Once they had my e-mail account, they were able to use it to retrieve the password for ANN's registrar account and then transfer the ANN domain to a registrar in Hong Kong.

They also used my phone number to recover the password for ANN's @Anime twitter account, delete the account, and then rename their own account to @Anime.

With control of the AnimeNewsNetwork.com domain, the hackers are now theoretically able to read any e-mail sent to e-mail addresses @ AnimeNewsNetwork.com, and we have reason to believe that they are doing this. So don't send e-mail to our old addresses.

Aside from this, the hackers never compromised our servers. They never gained access to anything on our server, no passwords, user info, or anything was compromised.

http://www.animenewsnetwork.cc/site-news/2017-08-11/how-ann-was-hacked/.120038

I wonder if somebody at the phone company will find themselves without a job very soon. Not that those would be all too desirable job titles anyway, so I imagine most there aren't planning to stick for life anyway. Aside from that, the phone company will most likely be made to pay all the expenses this case has and will produce.

I wonder if somebody at the phone company will find themselves without a job very soon. Not that those would be all too desirable job titles anyway, so I imagine most there aren't planning to stick for life anyway. Aside from that, the phone company will most likely be made to pay all the expenses this case has and will produce.

It's an interesting case study. All the protection in the world won't prevent human error.

It was "human error" in that they decided to trust the caller as being legit and give them access to their account again.

One needs to consider the situation where the caller is the legitimate victim of losing their phone and trying to regain access. In such a case, personal details verification should obviously be asked for. How much would be the question.

I suspect the company did not have such a policy put in place previous to this.