Proving that no website is ever truly secure, it is being reported that MySQL.com has succumbed to a SQL injection attack. It was first disclosed to the Full Disclosure mailing list early this morning. Hackers have now posted a dump of usernames and password hashes to pastebin.com.
Most embarrassingly, the Director of Product Management's WordPress password was set to a four digit number... his ATM PIN perhaps? Several accounts had passwords like "qa". The irony is that they weren't compromised by means of their ridiculously simple passwords, but rather flaws in the implementation of their site.
MySQL's parent company Sun/Oracle has also been attacked. Both tables and emails were dumped from their databases, but no passwords.
Read more: Naked security
0 comments:
Post a Comment