Oracle quiet on MySQL.com hack claims

Oracle has chosen not to comment on an alleged hack of MySQL.com – the site that has been smashed by cyber criminals on two occasions already this year.

A hacker going by the pseudonym D35M0ND142 posted information on Pastebin, claiming it came from, somewhat ironically, a MySQL.com database.

D35M0ND142 suggested the website owners had not fixed the site following two serious hack attacks this year. Oracle told IT Pro it had no comment on the matter.

The main problem is that unlike Microsoft or Google, many companies are not doing a good job in protecting those services.

Data included in the Pastebin post appeared to feature usernames, emails and passwords of various MySQL.com users. This purportedly included login details of Robin Schumacher, MySQL's director of product management.

Luis Corrons, technical director of PandaLabs, said it looked like the information could be real.

"This is one of the biggest problems we are facing nowadays: there are a number of online services we use, we have to register to get access to them and most of the users have the bad habit to reuse the password everywhere," Corrons told IT Pro.

"What is worse, in most of these services you have to give an email address, so if someone gets access to the database where all this information is stored you could have your email account hacked.

"The main problem is that unlike Microsoft or Google, many companies are not doing a good job in protecting those services."

In September, MySQL.com was found serving malware after security firm Amorize found some highly obfuscated JavaScript on the website.

In March, the website was compromised as a result of an SQL injection attack.

In that case, hackers posted a host of usernames and password hashes – some of which had reportedly been decrypted – onto Pastebin.