[WASC-WHID] WHID 2011-90: DSLReports says member information stolen

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon May 2 15:28:54 EDT 2011


Entry Title: WHID 2011-90: DSLReports says member information stolen
WHID ID: 2011-90
Date Occurred: April 28, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: News
Attacked Entity Geography: USA
Incident Description: Subscribers to ISP news and review site DSLReports.com
have been notified that their e-mail addresses and passwords may have been
exposed during an attack on the Web site earlier this week.
The site was targeted in an SQL injection attack yesterday and about 8
percent of the subscribers' e-mail addresses and passwords were stolen,
Justin Beech, founder of DSLReports.com, wrote in an e-mail to members. That
would be about 8,000 random accounts of the 9,000 active and 90,000 old or
inactive accounts created during the site's 10-year history, Beech said in
an e-mail to CNET today.
Mass Attack: No
Reference: http://news.cnet.com/8301-27080_3-20058471-245.html
Attack Source Geography:

