
8,000 exposed in Slovak Chamber of Commerce and Industry hack

Alexandra GHEORGHE

December 19, 2016


The official site of the Slovak Chamber of Commerce and Industry (scci.sk) got hacked and 8,000 users were affected, according to news reports.

Data such as names, phone numbers, hashed passwords and emails were leaked by a hacker dubbed Kapustkiy, a member of the New World Hackers group. He reportedly used SQL injection to exploit an existing site vulnerability and managed to get access to sensitive information.

The hacker is said to have contacted the site's administrators, but hasn't received a response.

SQL injection is one of the most common techniques used to force a site into dumping data to an attacker. Yahoo, Sony, LinkedIn and millions of other web applications have suffered SQL injection attacks. Why? The Open Web Application Security Project (OWASP) offers a pretty good explanation:

“SQL Injection attacks are unfortunately very common, and this is due to two factors: the prevalence of SQL Injection vulnerabilities and the attractiveness of the target (databases containing the interesting/critical data for the application),” OWASP says.

Plus, there are a lot of freely available tools that even script kiddies can use.

The first step towards better security is to scan websites and web applications with an automated web application security scanner. Developers also need to provide each web application only with the privileges it requires. Segregation and data encryption are also quite important, along with the sanitization of user input.
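The following is an added example, not code from the affected site or from the article. It shows two of the measures above on a constructed member table: binding user input as a parameter instead of pasting it into the SQL text, and limiting what the application's database session may do. The table, column and function names are assumptions, and SQLite's authorizer callback stands in for a restricted database account.

```python
import sqlite3

# Constructed sample rows; the table and column names are assumptions.
ROWS = [
    ("Anna Novak", "anna@example.test", "+421000000001", "hash-a"),
    ("Peter Kral", "peter@example.test", "+421000000002", "hash-b"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (name TEXT, email TEXT, phone TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?, ?, ?)", ROWS)
    db.commit()
    return db

def lookup_vulnerable(db, email):
    # Input is pasted into the SQL text, so a quote in it rewrites the query.
    sql = "SELECT name, email FROM members WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, email):
    # Input is bound as a value; the SQL text stays fixed.
    return db.execute("SELECT name, email FROM members WHERE email = ?", (email,)).fetchall()

def apply_least_privilege(db):
    # Read-only session that cannot see password_hash (returned as NULL).
    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_READ:
            hidden = (arg1, arg2) == ("members", "password_hash")
            return sqlite3.SQLITE_IGNORE if hidden else sqlite3.SQLITE_OK
        return sqlite3.SQLITE_OK if action == sqlite3.SQLITE_SELECT else sqlite3.SQLITE_DENY
    db.set_authorizer(authorizer)

def write_is_blocked(db):
    # Any statement other than SELECT is refused by the authorizer.
    try:
        db.execute("DELETE FROM members")
    except sqlite3.DatabaseError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print(lookup_vulnerable(db, crafted))     # every row comes back
    print(lookup_parameterized(db, crafted))  # no row matches the literal string
    apply_least_privilege(db)
    print(db.execute("SELECT name, password_hash FROM members").fetchall())
    print(write_is_blocked(db))
```

On a server database the same restriction is expressed with a dedicated account that is granted only the statements and columns the application needs.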
