[WASC-WHID] WHID 2011-80: Ashampoo server hacked, customer names and e-mail addresses stolen

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon Apr 25 09:23:50 EDT 2011


*Entry Title: *WHID 2011-80: Ashampoo server hacked, customer names and
e-mail addresses stolen
*WHID ID: *2011-80
*Date Occurred: *April 21, 2011
*Attack Method: *SQL Injection
*Application Weakness: *Improper Input Handling
*Outcome: *Leakage of Information
*Attacked Entity Field: *Retail
*Attacked Entity Geography: *
*Incident Description: *Rolf Hilchner, CEO of Ashampoo, has posted a statement
on the company’s website explaining exactly what happened. Apparently hackers
managed to break into one of Ashampoo’s servers that held customer data.
They exploited a hole in the company’s security to take Ashampoo customer
names and e-mail addresses, but no payment or billing information was
accessed.
*Mass Attack: *No
*Reference: *
http://www.geek.com/articles/geek-pick/ashampoo-server-hacked-customer-names-and-e-mail-addresses-stolen-20110421/
*Attack Source Geography: *
*Additional Link: *http://www.ashampoo.com/en/usd/dth