Ironic Hacking? mysql.com was pwned via SQL Injection.

In an email sent to the Full Disclosure mailing list on Sunday, it was revealed that a number of web sites, including mysql.com and sun.com, were compromised using, perhaps ironically, an SQL injection attack.

In the blind attack, databases were stolen that contained member and employee email addresses and account credentials, as well as tables with customer and partner information and internal network details. Encrypted passwords from the database were posted online, and some have already been cracked.

MySQL is a database platform used by millions of web sites for small and medium-sized databases, including by the popular blogging software WordPress.

There has been no word yet on whether the attack affects other MySQL users or was due to a flaw in other code, but we can expect to hear more from the MySQL team soon, with patches released if needed.
