Members of NullCrew recently leveraged an SQL injection vulnerability to breach the Web site for the UK’s Ministry of Defense and published more than 3,400 e-mail addresses and passwords online.
“The first indication of the hack came in an announcement by OfficialNull on Twitter at around midnight of 5 November: ‘We should have the database from the UK Ministry of Defence (mod.uk) up tonight for you guys,'” Infosecurity reports. “A few hours later a list of email addresses and passwords was dumped on Pastebin and AnonPaste. … The listed emails and passwords are all in plaintext.”
“The Navy email logins that were compromised belonged to staff who coordinate the shipping movements at three ports: Plymouth, Clyde and Portsmouth,” writes SC Magazine’s Tom Espiner.
“[The hackers tried] to trend [the] #FuckTheSystem hashtag on Twitter and related it to all their hacks against [the] UK government,” writes The Hacker News’ Mohit Kumar. “[The hackers] wrote [in a] note : ‘Your webmaster made a terrible mistake… You may criticize us on the simplicity of the vulnerability. But if you can get so much useful data so easily, why wouldn’t you?'”
“Who’s next? U.S. Department of Homeland Security,” the hackers warned the following day.