WW
WASC Web Hacking Incidents Database
Mon, Apr 25, 2011 1:23 PM
*Entry Title: *WHID 2011-80: Ashampoo server hacked, customer names and
e-mail addresses stolen
*WHID ID: *2011-80
*Date Occurred: *April 21, 2011
*Attack Method: *SQL Injection
*Application Weakness: *Improper Input Handling
*Outcome: *Leakage of Information
*Attacked Entity Field: *Retail
*Attacked Entity Geography: *
*Incident Description: *Rolf Hilchner, CEO of Ashampoo, has posted on the
company’s website explaining exactly what has happened. Apparently hackers
managed to break into one of Ashampoo’s servers that held customer data.
There was a hole in their security and by using it Ashampoo customer names
and e-mail addresses have been taken, but no payment and billing information
was accessed.
*Mass Attack: *No
*Reference: *
http://www.geek.com/articles/geek-pick/ashampoo-server-hacked-customer-names-and-e-mail-addresses-stolen-20110421/
*Attack Source Geography: *
*Additional Link: *http://www.ashampoo.com/en/usd/dth
*Entry Title: *WHID 2011-80: Ashampoo server hacked, customer names and
e-mail addresses stolen
*WHID ID: *2011-80
*Date Occurred: *April 21, 2011
*Attack Method: *SQL Injection
*Application Weakness: *Improper Input Handling
*Outcome: *Leakage of Information
*Attacked Entity Field: *Retail
*Attacked Entity Geography: *
*Incident Description: *Rolf Hilchner, CEO of Ashampoo, has posted on the
company’s website explaining exactly what has happened. Apparently hackers
managed to break into one of Ashampoo’s servers that held customer data.
There was a hole in their security and by using it Ashampoo customer names
and e-mail addresses have been taken, but no payment and billing information
was accessed.
*Mass Attack: *No
*Reference: *
http://www.geek.com/articles/geek-pick/ashampoo-server-hacked-customer-names-and-e-mail-addresses-stolen-20110421/
*Attack Source Geography: *
*Additional Link: *http://www.ashampoo.com/en/usd/dth