Oracle quiet on MySQL.com hack claims

MySQL

Oracle has chosen not to comment on an alleged hack of MySQL.com the site that has been smashed by cyber criminals on two occasions already this year.

A hacker going by the pseudonym D35M0ND142 posted information on Pastebin, claiming it came from, somewhat ironically, a MySQL.com database.

D35M0ND142 suggested the website owners had not fixed the site following two serious hack attacks this year. Oracle told IT Pro it had no comment on the matter.

The main problem is that unlike Microsoft or Google, many companies are not doing a good job in protecting those services.

Data included in the Pastebin post appeared to feature usernames, emails and passwords of various MySQL.com users. This purportedly included login details of Robin Schumacher, MySQL's director of product management.

Luis Corrons, technical director of PandaLabs, said it looked like the information could be real.

"This is one of the biggest problems we are facing nowadays: there are a number of online services we use, we have to register to get access to them and most of the users have the bad habit to reuse the password everywhere," Corrons told IT Pro.

"What is worse, in most of these services you have to give an email address, so if someone gets access to the database where all this information is stored you could have your email account hacked.

"The main problem is that unlike Microsoft or Google, many companies are not doing a good job in protecting those services."

In September, MySQL.com was found serving malware after security firm Amorize found some highly obfuscated JavaScript on the website.

In March, the website was compromised as a result of an SQL injection attack.

In that case, hackers posted a host of usernames and password hashes some of which had reportedly been decrypted onto Pastebin.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.