Metropolitan State University
January 16, 2015
•[ hack, sqlinjection, education ]
Minnesota-based Metropolitan State University notifies faculty, staff and students that an attacker may have breached its web server to access a database that contained their personal information. 22,000 users are at risk.
Warframe
November 24, 2014
•[ hack, sqlinjection, technology ]
In November 2014, the online game Warframe was hacked and 819k unique email addresses were exposed. Allegedly due to a SQL injection flaw in Drupal, the attack exposed usernames, email addresses and data in a "pass" column which adheres to the salted SHA-512 password hashing pattern used by Drupal 7. Digital Extremes (the developers of Warframe) asserts the salted hashes are of "alias names" rather than passwords.
Azad Kashmir Government Portal
September 5, 2014
•[ hack, sqlinjection, government ]
The Pak Cyber Eaglez collective breaks into the online portal of the Azad Kashmir government (ajk.gov.pk), defaces some of the pages, and extracts the database with the login credentials.
Alikhbaria
August 15, 2014
•[ hack, sqlinjection, government ]
Two Libyan hackers going by the handles Mr.Rocky and Mr. Slyman deface the official website of Saudi government-owned satellite news TV channel Alikhbaria (ekhbariyatv.sa) and also steal the database of the website.
Pokémon Creed
August 8, 2014
•[ hack, sqlinjection, technology ]
In August 2014, the Pokémon RPG website Pokémon Creed was hacked after a dispute with rival site, Pokémon Dusk. In a post on Facebook, "Cruz Dusk" announced the hack then pasted the dumped MySQL database on pkmndusk.in. The breached data included over 116k usernames, email addresses and plain text passwords.
Black Hat World
June 23, 2014
•[ hack, sqlinjection, technology ]
In June 2014, the search engine optimisation forum Black Hat World had three quarters of a million accounts breached from their system. The breach included various personally identifiable attributes which were publicly released in a MySQL database script.
Boxee
March 29, 2014
•[ hack, sqlinjection, technology ]
In March 2014, the home theatre PC software maker Boxee had their forums compromised in an attack. The attackers obtained the entire vBulletin MySQL database and promptly posted it for download on the Boxee forum itself. The data included 160k users, password histories, private messages and a variety of other data exposed across nearly 200 publicly exposed tables.
Spirol
February 22, 2014
•[ hack, sqlinjection, manufacturing ]
In February 2014, Connecticut-based Spirol Fastening Solutions suffered a data breach that exposed over 70,000 customer records. The attack was allegedly mounted by exploiting a SQL injection vulnerability which yielded data from Spirol's CRM system ranging from customers' names, companies, contact information and over 55,000 unique email addresses.
Official website of the President of Nepal
February 8, 2014
•[ hack, leak, sqlinjection ]
Two separate attacks deface the official website of Nepal's Office of the President (presidentofnepal.gov.np). In the first case, the attacker, who goes by Dr.3v1l, also leaked some information stolen from the DB. The second attack was carried out by an Indian hacker.
Crack Community
September 9, 2013
•[ leak, sqlinjection, technology ]
In late 2013, the Crack Community forum specialising in cracks for games was compromised and over 19k accounts published online. Built on the MyBB forum platform, the compromised data included email addresses, IP addresses and salted MD5 passwords.
FaceUP
January 1, 2013
•[ hack, sqlinjection, technology ]
In 2013, the Danish social media site FaceUP suffered a data breach. The incident exposed 87k unique email addresses alongside genders, dates of birth, names, phone numbers and passwords stored as unsalted MD5 hashes. When notified of the incident, FaceUP advised they had identified a SQL injection vulnerability at the time and forced password resets on impacted customers.
Yahoo
July 11, 2012
•[ hack, sqlinjection, technology ]
In July 2012, Yahoo! had their online publishing service "Voices" compromised via a SQL injection attack. The breach resulted in the disclosure of nearly half a million usernames and passwords stored in plain text. The breach showed that of the compromised accounts, a staggering 59% of people who also had accounts in the Sony breach reused their passwords across both services.
Sony
June 2, 2011
•[ hack, sqlinjection, technology ]
In 2011, Sony suffered breach after breach after breach — it was a very bad year for them. The breaches spanned various areas of the business ranging from the PlayStation network all the way through to the motion picture arm, Sony Pictures. A SQL injection vulnerability in sonypictures.com led to tens of thousands of accounts across multiple systems being exposed complete with plain text passwords.