Breach, Data Security, Vulnerability Management

Wall Street Journal website vulnerable to SQL injection, gets hacked

The Wall Street Journal confirmed in a Tuesday report that an outside party – believed to be W0rm, a Russian hacker selling a stolen database for a Bitcoin – exploited a vulnerability and hacked into its news graphics systems. 

Andrew Komarov, CEO of IntelCrawler who tipped off The Wall Street Journal to the incident, told SCMagazine.com on Wednesday that photos W0rm posted revealed that the news site was vulnerable to SQL injection.  

The attacker could have access to all available databases on the server – close to 23 – and could additionally extract information about system users from MySQL, Komarov said. He was quoted in the report as stating the attacker could modify content and users on the server.

The compromised systems have been taken offline and an investigation is ongoing, according to the report. No customers are believed to be impacted.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.