MySQL hit by irony attack

MySQL.com gets hit by an SQL injection attack, and hackers leak some disconcertingly weak passwords onto the net.

MySQL

In a somewhat ironic hack, MySQL.com has been compromised as a result of an SQL injection attack, leading to usernames and password hashes being published online.

The exploited flaws did not lie within MySQL business database management software, but in the implementation of the Oracle-owned website.

The hackers posted a host of usernames and password hashes some of which have reportedly been decrypted already onto Pastebin.com.

Hackers Ne0h and TinKode claimed responsibility for the compromises. The latter said they were behind an SQL injection attack on the Royal Navy website last year.

A number of the employee passwords leaked by the MySQL.com hackers appeared to be fairly weak, according to Chester Wisniewski, senior security advisor at Sophos Canada.

"Most embarrassingly, the director of product management's WordPress password was set to a four digit number... his ATM PIN perhaps?" Wisniewski said in a blog.

"The irony is that they weren't compromised by means of their ridiculously simple passwords, but rather flaws in the implementation of their site."

MySQL owner Sun Microsystems now an Oracle subsidiary was also targeted by the two hackers, as tables and emails were dumped on Pastebin, but no passwords.

"It was noted on Twitter that MySQL.com is also subject to an XSS (cross-site scripting) vulnerability that was reported in January 2011 and has not been remedied," Wisniewski added.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

1Password Business review: First choice for business travel and guest accounts
Security

1Password Business review: First choice for business travel and guest accounts

16 Jul 2021
Keeper Security review: Keeps corporate password management simple
Software

Keeper Security review: Keeps corporate password management simple

9 Jul 2021
Dashlane review: A very web-focused password manager
Security

Dashlane review: A very web-focused password manager

2 Jul 2021
LastPass review: Great to administrate, a little clunky to use
Software

LastPass review: Great to administrate, a little clunky to use

25 Jun 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
IT Pro Panel: Why IT leaders need soft skills
professional development

IT Pro Panel: Why IT leaders need soft skills

26 Jul 2021