Serious SQL flaw could have compromised millions of Rockyou.com users
Posted on 14 December 2009.
Imperva has issued a warning after finding a serious SQL injection flaw with Rockyou.com - a social networking application development web site.

The SQL injection flaw could have allowed attackers to access the 32 million entries of user names plus passwords in the Rockyou.com database - and since the user names and passwords are by default the same as the users webmail account—such as Hotmail, Yahoo or Gmail—this is a major lapse in security.

An attacker can use these credentials to perform any of the following actions:

1. Extract private information from the inbox: credit card numbers, confidential business information, passwords to another application such as bank application embarrassing pictures etc.
2. Identity theft – The attacker can send mail to the victim’s entire contact list on behalf of the victim.
3. Harvest the contacts info for spam – if each account has 10 unique contacts then the spammer will have 300 million addresses to spam.

"We have notified the site operators of this problem, who re-acted quickly and fixed the issue over the weekend. Unfortunately some accounts had already been compromised before the vulnerability was fixed. All users need to be cautious and ensure they change their email passwords as their credentials may have been put at risk” said Amichai Shulman, Imperva CTO.





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //