[WASC-WHID] WHID 2011-42: Irish recruitment website hacked

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon Apr 25 09:04:13 EDT 2011


*Entry Title: *WHID 2011-42: Irish recruitment website hacked
*WHID ID: *2011-42
*Date Occurred: *February 8, 2011
*Attack Method: *SQL Injection
*Application Weakness: *Improper Input Handling
*Outcome: *Leakage of Information
*Attacked Entity Field: *Recruitment
*Attacked Entity Geography: *Ireland
*Incident Description: *The Irish job website RecruitIreland.com was hacked
earlier this week, resulting in breached systems and the theft of the
credentials of 400,000 users.
According to media reports, the website was temporarily taken offline after
the breach was discovered on the 8th February. A statement on the website
said that as per its security guidelines and structures, it has a process in
place for eventualities such as this.
It said: “The present indicators are that our database was breached to get
email addresses and names for spamming
*Mass Attack: *No
*Reference: *
http://www.scmagazineuk.com/irish-recruitment-website-hacked-leading-to-the-breach-of-around-400000-user-details/article/196142/
*Attack Source Geography: *
*Items Leaked: *email addresses
*Number of Records: *400,000
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-whid_lists.webappsec.org/attachments/20110425/e8ecaa2c/attachment-0003.html>


More information about the wasc-whid mailing list