In Ironic Twist, MySQLs Own Database Is Hacked Via SQL Injection

  /     /     /  
Publicated : 22/11/2024   Category : security


In Ironic Twist, MySQLs Own Database Is Hacked Via SQL Injection


Open-source database companys customer names, passwords revealed following database attack



Hackers have posted an
email to the Full-Disclosure mailing list
that describes the breach of numerous MySQL websites, along with information from MySQLs database, including usernames and passwords.
Details on vulnerabilities in the websites of Sun Microsystems
, MySQLs parent company, were also released by the same group of hackers.
MySQL, which offers open-source database software and services for enterprises, is a leading provider of tools for small and midsize businesses. In an ironic twist, the attackers used a database-borne tactic -- SQL injection -- to reveal elements of the database companys own database of users and employees, including email addresses and passwords.
The SQL injection attack was initially found by TinKode and Ne0h of Slacker.Ro, according to a posting of some of the stolen data on pastebin.com. The data was subsequently published by Jackh4x0r.
Among the published data are tables with customer and partner information as well as internal network details. Hashes from the database -- some already broken -- also were posted.
It does not appear to be a vulnerability in the MySQL software, but rather flaws in the implementation of their websites, said Chester Wisniewski, senior security adviser at Sophos, in a
blog about the breach
.
A posting on XSSed.com also gives details on a cross-site scripting (XSS) vulnerability affecting MySQL.com since early January that reportedly still has not been repaired.
Have a comment on this story? Please click Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
In Ironic Twist, MySQLs Own Database Is Hacked Via SQL Injection