dcsimg

TeamBerserk Hackers Demo SQL Injection, Bank Theft

Download our in-depth report: The Ultimate Guide to IT Security Vendors

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Email  

Members of TeamBerserk recently released a video entitled "From SQLi to Bank Accounts," which appears to show the hackers using a SQL injection attack against the California ISP Sebastian to access a database of customers' e-mail addresses, user names and clear text passwords -- and then using that data to steal money from those customers.

If nothing else, the video serves as a vivid reminder of why it's extremely dangerous to use the same password on more than one Web site.

In one section of the video, the hacker simply copies and pastes one customer's user name and password from the Sebastian database into a bank's login page, then immediately accesses the customer's account. In another section, the hacker accesses a victim's Gmail account, then links from a saved e-mail to the user's PayPal account.

In total, the hackers claim to have stolen $100,000 from the victims' accounts.

While those claims haven't been verified in this instance, the video does demonstrate how disturbingly easy it is for hackers to leverage a stolen database to empty victims' bank accounts.

Submit a Comment

Loading Comments...