Members of TeamBerserk recently released a video entitled "From SQLi to Bank Accounts," which appears to show the hackers using a SQL injection attack against the California ISP Sebastian to access a database of customers' e-mail addresses, user names and cleartext passwords -- and then using that data to steal money from those customers.
If nothing else, the video serves as a vivid reminder of why it's extremely dangerous to use the same password on more than one Web site.
In one section of the video, the hacker simply copies and pastes one customer's user name and password from the Sebastian database into a bank's login page, then immediately accesses the customer's account. In another section, the hacker accesses a victim's Gmail account, then links from a saved e-mail to the user's PayPal account.
In total, the hackers claim to have stolen $100,000 from the victims' accounts.
While those claims haven't been verified in this instance, the video does demonstrate how disturbingly easy it is for hackers to leverage a stolen database to empty victims' bank accounts.