Wall Street Journal website vulnerable to SQL injection, gets hacked

Share this article:

The Wall Street Journal confirmed in a Tuesday report that an outside party – believed to be W0rm, a Russian hacker selling a stolen database for a Bitcoin – exploited a vulnerability and hacked into its news graphics systems. 

Andrew Komarov, CEO of IntelCrawler who tipped off The Wall Street Journal to the incident, told SCMagazine.com on Wednesday that photos W0rm posted revealed that the news site was vulnerable to SQL injection.  

The attacker could have access to all available databases on the server – close to 23 – and could additionally extract information about system users from MySQL, Komarov said. He was quoted in the report as stating the attacker could modify content and users on the server.

The compromised systems have been taken offline and an investigation is ongoing, according to the report. No customers are believed to be impacted.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.