Millions of User Records Stolen From 65 Websites via SQL Injection Attacks

Between November and December 2023, a threat actor successfully stole more than two million email addresses and other personal information from at least 65 websites, threat intelligence firm Group-IB reports.
Mainly relying on SQL injection attacks, the hacking group, tracked as ResumeLooters, has been active since early 2023, selling the stolen information on Chinese-speaking hacking-themed Telegram groups.
As part of the November-December campaign, the group primarily hit sites in India, Taiwan, Thailand, Vietnam, and China.
The group mainly focused on compromising retail and recruitment websites, but victims in the professional services, delivery, real estate, and investment sectors were also identified.
The observed attacks resembled those launched by GambleForce, a threat actor relying on SQL injections to compromise gambling and government websites in Asia-Pacific.
Like GambleForce, ResumeLooters was seen using various open source tools and penetration testing frameworks in its SQL injection attacks.
The main difference is that ResumeLooters has also used XSS scripts injected into legitimate job search websites, meant to display phishing forms and harvest administrative credentials.
The scripts were executed on at least four websites and on some devices with administrative access.
In one instance, the group created a fake employer profile on a recruitment website, and injected an XSS script using one of the fields in the profile.
In another instance, XSS code was included in a fake CV.
Through the injection of malicious SQL queries, the threat actor was able to retrieve databases containing close to 2.2 million rows, more than 500,000 of which represented user data from employment websites.
Fueled by poor security and inadequate database management practices, these attacks demonstrate how much damage can be done with publicly available tools, Group-IB notes, pointing out that companies can easily avoid falling victim to groups like GambleForce and ResumeLooters.


This Cyber News was published on www.securityweek.com. Publication date: Tue, 06 Feb 2024 16:13:03 +0000

