Oracle's MySQL.com hacked via SQL injection

Share this article:

Updated Monday, March 28, 2011 at 5:56 p.m. EST 

Hackers over the weekend compromised Oracle's MySQL.com customer website via SQL injection and posted a list of usernames and passwords online.

Two Romanian hackers using the aliases “TinKode” and “NeOh” have taken responsibility for the attack and said they exploited an SQL injection flaw to break into the web servers hosting MySQL.com, a website for the popular open source database product.

The site was first outed as vulnerable in a Sunday post to the Full Disclosure mailing list by a user with the alias “Jackh4xor,” who included a list of MySQL.com internal databases and tables along with usernames and password hashes.

Later on Sunday, TinKode and NeOh posted a dump of information extracted from MySQL, including the cracked passwords of users, to the text-sharing site Pastebin.

In an accompanying blog post, TinKode said he and NeOh had discovered the vulnerability in January. Their information dump included account credentials for two former MySQL employees – former Director of Product Management Robin Schumacher, whose password was a four-digit number, and former Vice President of Community Relations Kaj Arnö.

The hackers also on Sunday admitted to attacking Oracle's Sun Microsystems website, Sun.com, via SQL injection. They posted tables and email addresses, but no passwords, extracted from Sun.com.

Oracle obtained both affected domains, Sun.com and MySQL.com, with its acquisition of Sun.

“It does not appear to be a vulnerability in the MySQL software, but rather flaws in the implementation of their websites,” Chester Wisniewski, senior security adviser at anti-virus firm Sophos, wrote in a blog post Monday. “Auditing your websites for SQL injection is an essential practice, as well as using secure passwords.”

An Oracle spokeswoman told SCMagazineUS.com in an email Monday that the company is investigating the incident to determine which systems and data are affected.

Researchers, meanwhile, are advising MySQL users to exercise caution in light of the incident.

“If you have an account on MySQL.com, we recommend changing your passwords ASAP (especially if you like to reuse them across multiple sites),” David Dede, lead security researcher at Sucuri Security, a malware detection solutions provider, wrote in a blog post Sunday.

Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.