city officials said Wednesday . Such a ttacks Attack.Ransom— another of which occurred in Atlanta last week — take over parts of private or municipal computer networks and then d emand payment,Attack.Ransomor r ansom,Attack.Ransomfor their release . Frank Johnson , chief information officer in the Mayor ’ s Office of Information Technology , said he was not aware of any specific r ansom request Attack.Ransommade by the hackers of Baltimore ’ s network , but federal authorities are investigating . “ The systems and the software and the files are all being investigated by the FBI right now , ” Johnson said . No personal data of city residents w as compromised,Attack.Databreachhe added . Dave Fitz , an FBI spokesman , could not be reached Wednesday . On Tuesday , Fitz said the agency was aware of the breach and providing assistance to the city , but otherwise declined to comment . The attack infiltrated a server that runs the city ’ s computer-aided dispatch , or CAD , system for 911 and 311 calls . The system automatically populates 911 callers ’ locations on maps and dispatches the closest emergency responders there more seamlessly than is possible with manual dispatching . It also relays information to first responders in some cases and logs information for data retention and records . The breach shut down the CAD system from Sunday morning until Monday morning , forcing the city to revert to manual dispatching during that time . While the city ’ s 911 calls are normally recorded online on Open Baltimore , the city dispatch logs stopped recording them at 9:54 a.m. Sunday and didn ’ t resume recording them again until 7:42 a.m. Monday . Johnson said the attack was made possible after a city information technology team troubleshooting a separate communications issue with the server inadvertently changed a firewall and left a port , or a channel to the Internet , open for about 24 hours , and hackers who were likely running automated scans of networks looking for such vulnerabilities f ound Vulnerability-related.DiscoverVulnerabilityit and gained access . The Baltimore hack comes amid increasing hacking of municipal systems across the country , and follows one in Atlanta last week that paralyzed that city ’ s online bill-payment system , with hackers d emanding Attack.Ransoma $ 51,000 p ayment Attack.Ransomin bitcoin to unlock it . T hat attack Attack.Ransomoccurred Thursday , and Atlanta employees only turned their computers back on Tuesday . Johnson said his office works diligently to prevent cyberattacks and is looking to invest more in safeguarding its networks . Baltimore also faced cyberattacks during the unrest in 2015 , when its website was taken offline . Johnson said he was unaware of any other successful attacks on the city ’ s networks . He said the city would be obligated to disclose any a ttacks Attack.Databreachthat c ompromised Attack.Databreachresidents ’ personal information , health information or crime data . Johnson said he feels the city recovered well from the breach once it was identified , but that he did not want to go into detail about what was done lest he expose the city to more attacks . The city has a $ 2.5 million contract with TriTech Software Systems to maintain its CAD software and provide “ technical support services to ensure the functional integrity ” of the city ’ s CAD system . Scott MacDonald , TriTech ’ s vice president of public safety strategy , said the company worked with city IT personnel to shut down the CAD software after the attack . The breach was not related to the company ’ s software , MacDonald said . “ Our techs connected and worked with the IT staff there , and the CAD system was taken down manually , in combination between our staff and theirs , while the servers could be troubleshooted by the city . ”
In one of the more bizarre d ata breaches Attack.Databreachto surface recently , hackers made off with 6 million accounts for CashCrate , a site where users can be paid to complete online surveys , according to a database obtained by Motherboard . In short , CashCrate connects users to companies that need people to test new products and services , or take part in daily surveys in exchange for cash . The data includes user email addresses , names , passwords , and physical addresses . Judging by timestamps in the stolen database , the earliest accounts date way back to 2006 , and come with full passwords . If a user signed up to another service with the same password , hackers could a ccess Attack.Databreachthe victim 's account on another site , as well as their CashCrate account . Accounts from mid 2010 onwards appear to have passwords hashed with the notoriously weak MD5 algorithm , meaning that hackers may be able to crack the hashes and o btain Attack.Databreachthe real login credentials . For-profit breach notification site LeakBase provided Motherboard with a copy of the CashCrate data . To verify that the data was legitimate , Motherboard attempted to create accounts with random email addresses included in the data . In every instance , this was not possible , because the email was already linked to an account on CashCrate . As an indication of CashCrate 's approach to cybersecurity , the site does not use basic web encryption , including on its login page , meaning that credentials could b e exposed Attack.Databreachto anyone in a position to i ntercept Attack.Databreachthem . `` We 're in the process of notifying all our members about the breach . While we 're still investigating the cause , at this point it appears that our third-party forum software w as compromised,Attack.Databreachwhich led to the breach . We 've deactivated it until we 're confident it 's secure , '' a CashCrate spokesperson told Motherboard in an email . `` We have also confirmed that any users who have logged in since October 2013 have passwords that are fully hashed and salted , and we 're looking into why some inactive accounts have plaintext passwords . Those will be hashed and salted immediately , '' the spokesperson added . The lesson : We all sign up to odd or random websites . If possible , it may be worth using a different email address for these more leftfield sites , or even creating dedicated addresses for each . That way , when a breach does occur , any fallout will be mitigated , and hopefully limited to only one or a few sites . That , and you should use a unique password for every site too .