MySQL hit by irony attack

MySQL.com gets hit by an SQL injection attack, and hackers leak some disconcertingly weak passwords onto the net.

In a somewhat ironic hack, MySQL.com has been compromised as a result of an SQL injection attack, leading to usernames and password hashes being published online.

The exploited flaws did not lie within the MySQL business database management software, but in the implementation of the Oracle-owned website.

The hackers posted a host of usernames and password hashes, some of which have reportedly been decrypted already, onto Pastebin.com.

Hackers Ne0h and TinKode claimed responsibility for the compromises. The latter said they were behind an SQL injection attack on the Royal Navy website last year.

A number of the employee passwords leaked by the MySQL.com hackers appeared to be fairly weak, according to Chester Wisniewski, senior security advisor at Sophos Canada.

"Most embarrassingly, the director of product management's WordPress password was set to a four digit number... his ATM PIN perhaps?" Wisniewski said in a blog.

"The irony is that they weren't compromised by means of their ridiculously simple passwords, but rather flaws in the implementation of their site."

MySQL owner Sun Microsystems, now an Oracle subsidiary, was also targeted by the two hackers, as tables and emails were dumped on Pastebin, but no passwords.

"It was noted on Twitter that MySQL.com is also subject to an XSS (cross-site scripting) vulnerability that was reported in January 2011 and has not been remedied," Wisniewski added.
