The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: database hacking

21-Year-Old Cypriot Hacker Extradited to U.S. Over Fraud and Extortion Charges

21-Year-Old Cypriot Hacker Extradited to U.S. Over Fraud and Extortion Charges
July 20, 2020Swati Khandelwal
The United States Department of Justice has extradited two criminals from the Republic of Cyprus—one is a computer hacker suspected of cyber intrusions and extortion, and the other is a money launderer with known connections to the terrorist organization Hezbollah. Both suspects— Joshua Polloso Epifaniou , 21, a resident of Nicosia, and Ghassan Diab , 37, a citizen of Lebanon—were arrested earlier last year and extradited to the United States last weekend. According to the indictment , Epifaniou conducted a brute force attack against the Phoenix-based online review portal Ripoff Report (ROR) in October 2016 and successfully override ROR's login and password protection to gain access to its database through an existing account associated with a ROR employee. In November 2016, Epifaniou tried to extort the company by emailing ROR's CEO with a hyperlink to a video demonstrating Epifaniou's unauthorized access to the ROR CEO's account, threatening him to publicly di

WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers

WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
April 01, 2020Ravie Lakshmanan
Cybersecurity researchers today uncovered a sustained malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other kinds of malware, including multi-functional remote access tools (RATs) and cryptominers. Named " Vollgar " after the Vollar cryptocurrency it mines and its offensive "vulgar" modus operandi, researchers at Guardicore Labs said the attack employs password brute-force to breach Microsoft SQL servers with weak credentials exposed to the Internet. Researchers claim the attackers managed to successfully infect nearly 2,000-3,000 database servers daily over the past few weeks, with potential victims belonging to healthcare, aviation, IT & telecommunications, and higher education sectors across China, India, the US, South Korea, and Turkey. Thankfully for those concerned, researchers have also released a script to let sysadmins detect if any of their Windows MS-SQL servers have been

Unprotected Database Exposes Personal Info of 80 Million American Households

Unprotected Database Exposes Personal Info of 80 Million American Households
April 30, 2019Wang Wei
A team of security researchers has claims to have found a publicly-accessible database that exposes information on more than 80 million U.S. households—nearly 65 percent of the total number of American households. Discovered by VPNMentor's research team lead by hacktivists Noam Rotem and Ran Locar, the unsecured database includes 24GB of extremely detailed information about individual homes, including their full names, addresses, ages, and birth dates. The massive database which is hosted on a Microsoft cloud server also contains coded information noted in "numerical values," which the researchers believe correlates to homeowners' gender, marital status, income bracket, status, and dwelling type. Fortunately, the unprotected database does not contain passwords, social security numbers or payment card information related to any of the affected American households. The researchers verified the accuracy of some data in the cache, but they did not download the

500 Million Marriott Guest Records Stolen in Starwood Data Breach

500 Million Marriott Guest Records Stolen in Starwood Data Breach
November 30, 2018Mohit Kumar
The world's biggest hotel chain Marriott International today disclosed that unknown hackers compromised guest reservation database its subsidiary Starwood hotels and walked away with personal details of about 500 million guests. Starwood Hotels and Resorts Worldwide was acquired by Marriott International for $13 billion in 2016. The brand includes St. Regis, Sheraton Hotels & Resorts, W Hotels, Westin Hotels & Resorts, Aloft Hotels, Tribute Portfolio, Element Hotels, Le Méridien Hotels & Resorts, The Luxury Collection, Four Points by Sheraton and Design Hotels. The incident is believed to be one of the largest data breaches in history, behind 2016 Yahoo hacking in which nearly 3 billion user accounts were stolen. The breach of Starwood properties has been happening since 2014 after an "unauthorized party" managed to gain unauthorized access to the Starwood's guest reservation database, and had copied and encrypted the information. Marriott dis

Real Identity of Hacker Who Sold LinkedIn, Dropbox Databases Revealed

Real Identity of Hacker Who Sold LinkedIn, Dropbox Databases Revealed
November 21, 2018Swati Khandelwal
The real identity of Tessa88—the notorious hacker tied to several high-profile cyber attacks including the LinkedIn , DropBox and MySpace mega breaches—has been revealed as Maksim Vladimirovich Donakov (Максим Владимирович Донаков), a resident of Penza, Russian Federation. In early 2016, a hacker with pseudonym Tessa88 emerged online offering stolen databases from some of the biggest social media websites in the world, including LinkedIn, MySpace, VKontakte (vk.com), Dropbox, Rambler , and Twitter , for sale in various underground hacking forums. The stolen data, taken years ago from several social media sites, included more than half a billion username and password combinations, which were then used in phishing, account takeover, and other cyber attacks. Though Tessa88's profile was active for a few months between February and May 2016, the OPSEC analysis revealed that the same person was involved in various cybercriminal activities since as early as 2012 under different

Hackers Targeting Servers Running Database Services for Mining Cryptocurrency

Hackers Targeting Servers Running Database Services for Mining Cryptocurrency
December 21, 2017Swati Khandelwal
Security researchers have discovered multiple attack campaigns conducted by an established Chinese criminal group that operates worldwide, targeting database servers for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet. The researchers from security firm GuardiCore Labs have analyzed thousands of attacks launched in recent months and identified at least three attack variants— Hex, Hanako, and Taylor —targeting different MS SQL and MySQL servers for both Windows and Linux. The goals of all the three variants are different—Hex installs cryptocurrency miners and remote access trojans (RATs) on infected machines, Taylor installs a keylogger and a backdoor, and Hanako uses infected devices to build a DDoS botnet. So far, researchers have recorded hundreds of Hex and Hanako attacks and tens of thousands of Taylor attacks each month and found that most compromised machines are based in China, and some in Thailand, the United States, Japan and others.

Massive Breach Exposes Keyboard App that Collects Personal Data On Its 31 Million Users

Massive Breach Exposes Keyboard App that Collects Personal Data On Its 31 Million Users
December 05, 2017Mohit Kumar
In the digital age, one of the most popular sayings is—if you're not paying, then you're not the customer, you're the product. While downloading apps on their smartphones, most users may not realize how much data they collect on you. Believe me; it's way more than you can imagine. Nowadays, many app developers are following irresponsible practices that are worth understanding, and we don't have a better example than this newly-reported incident about a virtual keyboard app. A team of security researchers at the Kromtech Security Center has discovered a massive trove of personal data belonging to more than 31 million users of the popular virtual keyboard app, AI.type, accidentally leaked online for anyone to download without requiring any password. Founded in 2010, Ai.type is a customizable and personalizable on-screen keyboard for mobile phones and tablets, with more than 40 million users worldwide. Apparently, a misconfigured MongoDB database, owned by

Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking

Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking
July 18, 2017Swati Khandelwal
Nothing in this world is fully secure, from our borders to cyberspace. I know vulnerabilities are bad, but the worst part comes in when people just don't care to apply patches on time. Late last year, Cisco's Talos intelligence and research group discovered three critical remote code execution (RCE) vulnerabilities in Memcached that exposed major websites including Facebook, Twitter, YouTube, Reddit, to hackers. Memcached is a popular open-source and easily deployable distributed caching system that allows objects to be stored in memory. The Memcached application has been designed to speed up dynamic web applications ( for example php-based websites) by reducing stress on the database that helps administrators to increase performance and scale web applications. It's been almost eight months since the Memcached developers have released patches for three critical RCE vulnerabilities (CVE-2016-8704, CVE-2016-8705 and CVE-2016-8706) but tens of thousands of servers

Katyusha Scanner — Telegram-based Fully Automated SQL Injection Tool

Katyusha Scanner — Telegram-based Fully Automated SQL Injection Tool
July 12, 2017Swati Khandelwal
A new powerful hacking tool recently introduced in an underground forum is making rounds these days, allowing anyone to rapidly conduct website scans for SQL injection flaws on a massive scale — all controlled from a smartphone using the Telegram messaging application. Dubbed Katyusha Scanner , the fully automated powerful SQLi vulnerability scanner was first surfaced in April this year when a Russian-speaking individual published it on a popular hacking forum. Researchers at Recorded Future's Insikt Group threat intelligence division found this tool for sale on an underground hacking forum for just $500. Users can even rent the Katyusha Scanner tool for $200. According to the researchers, Katyusha Scanner is a web-based tool that's a combination of Arachni Scanner and a basic SQL Injection exploitation tool that allows users to automatically identify SQLi vulnerable sites and then exploits it to take over its databases. Arachni is an open source vulnerability scann

Reliance Jio Customers' Data Allegedly Hacked – Company Denies Breach

Reliance Jio Customers' Data Allegedly Hacked – Company Denies Breach
July 10, 2017Mohit Kumar
Personal details of some 120 Million customers have been allegedly exposed on the Internet in probably the biggest breach of personal data ever in India. Last night, an independent website named Magicapk.com went online, offering Reliance Jio customers to search for their identification data (Know Your Customer or KYC) just by typing in their Jio number. Reliance set up the Jio 4G network across the length and breadth of India in September last year and gained more than 50 million subscribers within a span of just 83 days. The company gave seven months of free internet, unlimited calls, unlimited music to its subscribers. Although the website that claimed to have hacked into Jio database is no longer accessible, many users confirmed their personal data showed up on the website, displaying their names, email addresses and most alarmingly, in some cases, Aadhaar numbers. Aadhaar is a 12-digit unique identification number issued by the Indian government to every resident of In

New Windows Trojan Spreads MIRAI Malware To Hack More IoT Devices

New Windows Trojan Spreads MIRAI Malware To Hack More IoT Devices
February 09, 2017Swati Khandelwal
MIRAI – possibly the biggest IoT-based malware threat that emerged last year, which caused vast internet outage in October last year by launching massive distributed denial-of-service (DDoS) attacks against the popular DNS provider Dyn . Now, the infamous malware has updated itself to boost its distribution efforts. Researchers from Russian cyber-security firm Dr.Web have now uncovered a Windows Trojan designed to built with the sole purpose of helping hackers spread Mirai to even more devices. Mirai is a malicious software program for Linux-based internet-of-things (IoT) devices which scan for insecure IoT devices, enslaves them into a botnet network, and then used them to launch DDoS attacks, and spreads over Telnet by using factory device credentials. It all started early October last year when a hacker publicly released the source code of Mirai . Dubbed Trojan.Mirai.1, the new Trojan targets Windows computers and scans the user's network for compromisable Linux-

Someone Hijacking Unsecured MongoDB Databases for Ransom

Someone Hijacking Unsecured MongoDB Databases for Ransom
January 04, 2017Swati Khandelwal
Nearly two years back, we warned users about publicly accessible MongoDB instances – almost 600 Terabytes (TB) – over the Internet which require no authentication, potentially leaving websites and servers at risk of hacking. These MongoDB instances weren't exposed due to any flaw in its software, but due to a misconfiguration (bad security practice) that let any remote attacker access MongoDB databases without using any special hacking tool. MongoDB later resolved the issue in the next version of its software by setting unrestricted remote access by default in the configuration, thousands of site administrators have not updated their servers yet. But trust me, they'll now regret this! A Hacker is now hijacking and wiping out unsecured MongoDB databases , but keeping a copy of those databases for asking administrators a ransom of 0.2 Bitcoins (nearly US$211) to return the lost data. So, admins without backups are left in a bind. In fact, the rising price of Bitcoin

Dropbox Hacked — More Than 68 Million Account Details Leaked Online

Dropbox Hacked — More Than 68 Million Account Details Leaked Online
August 30, 2016Swati Khandelwal
Hackers have obtained credentials for more than 68 Million accounts for online cloud storage platform Dropbox from a known 2012 data breach. Dropbox has confirmed the breach and already notified its customers of a potential forced password resets, though the initial announcement failed to specify the exact number of affected users. However, in a selection of files obtained through sources in the database trading community and breach notification service Leakbase , Motherboard found around 5GB of files containing details on 68,680,741 accounts, which includes email addresses and hashed (and salted) passwords for Dropbox users. An unnamed Dropbox employee verified the legitimacy of the data. Out of 68 Million, almost 32 Million passwords are secured using the strong hashing function " BCrypt , " making difficult for hackers to obtain users' actual passwords, while the rest of the passwords are hashed with the SHA-1 hashing algorithm . These password hashes als

Two US State Election Systems Hacked to Steal Voter Databases — FBI Warns

Two US State Election Systems Hacked to Steal Voter Databases — FBI Warns
August 30, 2016Mohit Kumar
A group of unknown hackers or an individual hacker may have breached voter registration databases for election systems in at least two US states, according to the FBI, who found evidence during an investigation this month. Although any intrusion in the state voting system has not been reported, the FBI is currently investigating the cyberattacks on the official websites for voter registration system in both Illinois and Arizona, said Yahoo News . The FBI's Cyber Division released a " Flash Alert " to election offices and officials across the United States, asking them to watch out for any potential intrusions and take better security precautions. "In late June 2016, an unknown actor scanned a state's Board of Election website for vulnerabilities using Acunetix, and after identifying a Structured Query Language (SQL) injection (SQLi) vulnerability, used SQLmap to target the state website," the FBI alert reads. "The majority of the data exfiltr

191 Million US Voters' Personal Info Exposed by Misconfigured Database

191 Million US Voters' Personal Info Exposed by Misconfigured Database
December 28, 2015Swati Khandelwal
BREAKING: A misconfigured database has resulted in the exposure of around 191 Million voter records including voters' full names, their home addresses, unique voter IDs, date of births and phone numbers. The database was discovered on December 20th by Chris Vickery , a white hat hacker, who was able to access over 191 Million Americans' personal identifying information (PII) that are just sitting in the public to be found by anyone looking for it. Vickery is the same security researcher who uncovered personal details of 13 Million MacKeeper users two weeks ago, which included names, email addresses, usernames, password hashes, IP addresses, phone numbers, and system information. However, the recent discovery made him shocked when he saw his own information in the database, according to DataBreaches.net, whom the researcher contacted and provided all the details about his finding. 300GB Trove of Voters' Information Leaked Vickery has his hands on all

AntiVirus Firm BitDefender Hacked; Turns Out Stored Passwords Are UnEncrypted

AntiVirus Firm BitDefender Hacked; Turns Out Stored Passwords Are UnEncrypted
August 01, 2015Mohit Kumar
Forget about Financial services and Online shopping websites, but at least we expect from Security Firms and Antivirus vendors to keep our personal and Sensitive data Encrypted and Secured. One of the most popular and much-respected Antivirus and computer security firms 'BitDefender' has recently been hacked and has had a portion of its customer data leaked. The Data Breach in BitDefender is incredibly embarrassing for the security firm, not because the company failed to prevent its customers data from hackers, but because the Security company failed to encrypt its customers' most sensitive data . Now, this is something really not expected from a reputed Security Firm. It appears that the hacker, who uses the online alias DetoxRansome , was able to break into a Bitdefender server that hosted the cloud-based management dashboards for its small and medium-sized business clients, and pilfer usernames and passwords belonged to them. They Forget to Encrypt C

600TB MongoDB Database 'accidentally' exposed on the Internet

600TB MongoDB Database 'accidentally' exposed on the Internet
July 22, 2015Swati Khandelwal
System administrators have reportedly exposed almost 600 Terabytes (TB) of MongoDB database due to running outdated and unpatched versions of the NoSQL MongoDB database. The open source MongoDB is the most popular NoSQL database used by companies of all sizes, from eBay and Sourceforge to The New York Times and LinkedIn. According to Shodan's representative John Matherly, nearly 30,000 MongoDB instances are publicly accessible over the Internet without the need of any form of authentication. This huge MongoDB database isn't exposed due to a flaw in its latest version of the software, but due to the use of out-of-date and unpatched versions of the platform that fail to bind to localhost. While investigating NoSQL databases, Matherly focused on MongoDB that is growing in popularity. "It turns out that MongoDB version 2.4.14 seems to be the last version that still listened to 0.0.0.0 [in which listening is enabled for all interfaces] by default, which

Gaana.com Hacked, 10 Million Users' Details Exposed

Gaana.com Hacked, 10 Million Users' Details Exposed
May 28, 2015Mohit Kumar
Gaana.com -- One of India's most popular music streaming service with more than 10 Million registered users and 7.5 Million monthly visitors -- has reportedly been hacked, exposing the site's user information database. A Pakistani hacker, who claimed responsibility for the hack, claims that details of over 10 Million users of Gaana service including their username, email addresses, MD5-encrypted password, date of births, and other personal information has been stolen and made available in a searchable database. At the time of writing, Gaana website is currently down for maintenance without any official statement provided yet. As of now, the site displays, "Site is down due to server maintenance. We will be back shortly. Kindly bear with us till then." Details of 10 Million Users Available in a Searchable Database: The hacker, nicknamed Mak Man , posted the link to a searchable database of Gaana user details on his Facebook page, with images of t

Hackers Selling Database of 4 Million Adult Friend Finder Users at $16,800

Hackers Selling Database of 4 Million Adult Friend Finder Users at $16,800
May 25, 2015Swati Khandelwal
Email addresses, sexual orientations, and other sensitive details from about 3.9 Million Adult Friend Finder online hookup service are currently available for sale for 70 Bitcoins (around $16,800/€15,300) on an underground website. Yes, the sex life of almost 4 million subscribers of the casual sex hookup site is now available for anyone to download from the Internet. Adult Friend Finder website , with a tagline " Hookup, Find Sex or Meet Someone Hot Now ," has been breached before April 13 in which nearly 4 Million users have had their personal details compromised. The details include subscribers' user names, email addresses, dates of birth, gender, sexual orientation, postal codes, and IP addresses, which is a treasure trove for online spammers and phishers. Database of nearly 4 Million users available online for 70 Bitcoins: The database has been available on an online forum hidden in Tor anonymity network, which is accessible only through
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.