MySQL.com compromised by SQL injection

This day just had to come:

MySQL.com compromised

MySQL.com (the official site for the MySQL database) was compromised via (shocking!) blind SQL injection. A post was sent today to the full disclosure list explaining the issue and dumping part of their internal database structure.

What is worse is that they also posted the password dump online and some people started to crack it already. Some of the findings are pretty bad, like that the password used by the MySQL director of product management is only 4 numbers (6661) and also posted multiple admin passwords for blogs.mysql.com…

MySQL have not said anything about this attack, but we will post more details as we learn more about it.

Source: Sucuri

The irony.

Leave a Reply

Your email address will not be published. Required fields are marked *