MySQL website falls victim to SQL injection attack

Usernames and passwords were stolen, including those for two corporate blogs and a number of database accounts

Oracle's MySQL.com customer website was apparently compromised over the weekend by a pair of hackers who publicly posted usernames, and in some cases passwords, of the site's users.

Taking credit for the hack were "TinKode" and "Ne0h," who wrote that the hack resulted from a SQL injection attack that they did not provide further details on. The vulnerable domains were listed as www.mysql.com, www.mysql.fr, www.mysql.de, www.mysql.it and www-jp.mysql.com.

According to a post on the Full Disclosure bug mailing list on Sunday, MySQL.com ran a variety of internal databases on an Apache web server. The information posted included a raft of password hashes, some of which have now been cracked.

Among the credentials in a dump of the information posted on Pastebin were passwords for a number of MySQL database users on the server, and the admin passwords for the corporate blogs of two former MySQL employees. The bloggers were former director of product management Robin Schumacher, and former vice-president of community relations, Kaj Arnö. Schumacher is now director of product strategy at EnterpriseDB, while Arnö is now executive vice president for products at SkySQL. Schumacher's blog had not been touched since June 2009, Arnö's not since January 2010.

Oracle, which took control of MySQL with its acquisition of Sun Microsystems in April 2009, did not have an immediate comment.

A security company that monitors websites for hacking attacks, Sucuri, advised users with an account on MySQL.com, to change their passwords as soon as possible, especially if they use the same passwords across multiple sites.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags intrusionsecuritydata breachExploits / vulnerabilitiesdata protectionOracle

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?