[WASC-WHID] WHID 2011-66: Epsilon Data Breach

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon Apr 25 09:15:31 EDT 2011


*Entry Title: *WHID 2011-66: Epsilon Data Breach
*WHID ID: *2011-66
*Date Occurred: *April 4, 2011
*Attack Method: *SQL Injection
*Application Weakness: *Improper Input Handling
*Outcome: *Leakage of Information
*Attacked Entity Field: *Marketing
*Attacked Entity Geography: *
*Incident Description: *Epsilon--the largest distributor of permission-based
email in the world--revealed that millions of individual email addresses
were exposed in an attack on its servers. While no other information was
apparently compromised, security experts are warning users to brace for a
tidal wave of more precise spear phishing attacks.
*Mass Attack: *No
*Reference:*
http://www.pcworld.com/businesscenter/article/224192/epsilon_data_breach_expect_a_surge_in_spear_phishing_attacks.html
*Attack Source Geography:*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-whid_lists.webappsec.org/attachments/20110425/a44f9c69/attachment-0003.html>


More information about the wasc-whid mailing list