SQL Injection Enough to Hack a Government Website

SQL injection is enough to hack the Hungarian Human Rights Foundation. This is exactly what security pentester Kapustkiy did, together with CyberZeist. The two got access to more than 20,000 accounts and personal information such as phone numbers and home addresses.

Hungarian Human Rights Foundation is easily hacked with an SQL injection.

Kapustkiy told Softpedia that the data breach happened via an SQL injection, which gave him access to databases that contained thousands of accounts. Some of the accounts were related to the US government, having the @state.gov suffix.

The pentester has only leaked some of the accounts, allowing IT admins to fix the flaw that led to the breach.

Softpedia says that he already contacted the Foundation, and they replied they will investigate the breach. However, the website still appears to be running.

Organizations should always be prepared to handle incidents such as data breaches, especially when highly sensitive information is involved. Unfortunately, what happened with the website of the Hungarian Human Rights Foundation is the perfect illustration of the condition of multiple government institutions.

Kapustkiy’s pentesting work has revealed multiple vulnerabilities in high-profile websites, similar to the flaw that enabled him to hack the Italian government website.

Kapustkiy also infiltrated The Dipartimento della Funzione Pubblica.

The Italian government website was hacked last week via a similar technique. The hacker said he obtained access to 45,000 accounts, in particular to highly sensitive information such as login credentials, usernames and passwords.

The pentester managed to hack a number of government websites, like the Paraguay Embassy of Taiwan, the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya.

In short, the database records of thousands of users turned out to be just an injection away. It is indeed astounding how easy it is to hack government websites. The lack of timely reaction from the affected parties is also mind-boggling. It appears that government entities underestimate the value of personal information and the ways it could be misused by third parties and black hat hackers.

Softpedia says they have contacted the Hungarian Human Rights Foundation for a statement, but still haven’t received a reply. Affected individuals are advised to change their passwords as soon as possible.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
