Ubuntu Linux developer Canonical has admitted that the data of 2 million of its forum users has been compromised, following the exploitation of a known SQL vulnerability. The flaw was found in the ‘Forumrunner’ add-on, which was left unpatched. User passwords have not been breached, but the attacker had access to the usernames, email addresses and IPs for the 2 million affected. Ryan O’Leary, VP Threat Research Centre at WhiteHat Security commented below.
Ryan O’Leary, VP Threat Research Centre at WhiteHat Security:
“SQL injection continues to be an easy avenue for hackers to cause harm or steal information from a database. According to our annual statistics report, around six per cent of websites have at least one SQL injection vulnerability. Six per cent may not seem like a large amount, but consider that six out of every 100 websites you use – that’s a staggeringly large amount – have this particularly nasty vulnerability.
“SQL injection is not the most difficult attack to execute. In fact, it’s one of the very first skills you learn when trying to attack a site, because of the prevalence of the flaw and ease of exploitation. Companies need to run a thorough vulnerability assessment and fix these critical, yet easy-to-exploit, vulnerabilities.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Meta’s fine over data privacy breaches underscores the critical challenges…
Hi, Thanks, that is really useful information. I do have…
“This is a very worrying attack that hit T-Mobile and…
“This latest cyberattack against T-Mobile may be smaller than previous…
“Genesis Market is a complex global criminal access marketplace. Buyers…