
MySQL hit by irony attack

MySQL.com gets hit by an SQL injection attack, and hackers leak some disconcertingly weak passwords onto the net.


In a somewhat ironic hack, MySQL.com has been compromised as a result of an SQL injection attack, leading to usernames and password hashes being published online.

The exploited flaws did not lie within the MySQL business database management software itself, but in the implementation of the Oracle-owned website.

The hackers posted a host of usernames and password hashes, some of which have reportedly been decrypted already, onto Pastebin.com.

Hackers Ne0h and TinKode claimed responsibility for the compromises. The latter said they were behind an SQL injection attack on the Royal Navy website last year.

A number of the employee passwords leaked by the MySQL.com hackers appeared to be fairly weak, according to Chester Wisniewski, senior security advisor at Sophos Canada.

"Most embarrassingly, the director of product management's WordPress password was set to a four digit number... his ATM PIN perhaps?" Wisniewski said in a blog.

"The irony is that they weren't compromised by means of their ridiculously simple passwords, but rather flaws in the implementation of their site."

MySQL owner Sun Microsystems, now an Oracle subsidiary, was also targeted by the two hackers, with tables and emails dumped on Pastebin, but no passwords.

"It was noted on Twitter that MySQL.com is also subject to an XSS (cross-site scripting) vulnerability that was reported in January 2011 and has not been remedied," Wisniewski added.
