Wall Street Journal website vulnerable to SQL injection, gets hacked
The Wall Street Journal confirmed in a Tuesday report that an outside party – believed to be W0rm, a Russian hacker selling a stolen database for a Bitcoin – exploited a vulnerability and hacked into its news graphics systems.
Andrew Komarov, CEO of IntelCrawler who tipped off The Wall Street Journal to the incident, told SCMagazine.com on Wednesday that photos W0rm posted revealed that the news site was vulnerable to SQL injection.
The attacker could have access to all available databases on the server – close to 23 – and could additionally extract information about system users from MySQL, Komarov said. He was quoted in the report as stating the attacker could modify content and users on the server.
The compromised systems have been taken offline and an investigation is ongoing, according to the report. No customers are believed to be impacted.