UK: Ministry of defence hacked, 3,400+ Credentials leaked
The United Kingdom’s ministry of defence website servers (https://www.mod.uk) came under attack yesterday from null crew hackers Null (@OfficialNull) and Timoxeline (@Timoxeline) who have obtained data from the breach which has now been published for everyone to see. @OfficialNull tweeted the breach not to long ago which is said to of been carried out by a very simple SQL injection method. The leak was posted to anonpaste and contains the following message.
Your webmaster made a terrible mistake… You may criticize us on the simplicity of the vulnerability. But if you can get so much useful data so easily, why wouldn’t you? We hope that all governments and organizations realize that #FuckTheSystem is definitely not a joke. We hope that you have the decency to grasp the concept of it. But hey… You’re the government right… Just some butthurt little fags. This security just proves how much of a joke our governments are. Vulnerability => Easy as fuck SQL Injection.
The rest of the leak data is the raw output for the /etc/passwd file and a list of users from its database. The user accounts have been broken up into a few parts and the very first one is most interesting with a 123 123 username and password combination. All the leaked accounts are in clear text and many of the user accounts contain usernames, emails and password. all together we found 3452 emails. All accounts have been processed by ozdc.net.