Millions of User Records Stolen From 65 Websites via SQL Injection Attacks

Between November and December 2023, a threat actor successfully stole more than two million email addresses and other personal information from at least 65 websites, threat intelligence firm Group-IB reports.
Mainly relying on SQL injection attacks, the hacking group, tracked as ResumeLooters, has been active since early 2023, selling the stolen information on Chinese-speaking hacking-themed Telegram groups.
As part of the November-December campaign, the group primarily hit sites in India, Taiwan, Thailand, Vietnam, and China.
The group mainly focused on compromising retail and recruitment websites, but victims in the professional services, delivery, real estate, and investment sectors were also identified.
The observed attacks resembled those launched by GambleForce, a threat actor relying on SQL injections to compromise gambling and government websites in Asia-Pacific.
Like GambleForce, ResumeLooters was seen using various open source tools and penetration testing frameworks in its SQL injection attacks.
The main difference is that ResumeLooters has also used XSS scripts injected into legitimate job search websites, meant to display phishing forms and harvest administrative credentials.
The scripts were executed on at least four websites and on some devices with administrative access.
In one instance, the group created a fake employer profile on a recruitment website, and injected an XSS script using one of the fields in the profile.
In another instance, XSS code was included in a fake CV. Through the injection of malicious SQL queries, the threat actor was able to retrieve databases containing close to 2.2 million rows, more than 500,000 of which represented user data from employment websites.
Fueled by poor security and inadequate database management practices, these attacks demonstrate how much damage can be done with publicly available tools, Group-IB notes, pointing out that companies can easily avoid falling victim to groups like GambleForce and ResumeLooters.
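The two weaknesses the report describes, SQL built from user input and profile or CV text rendered as raw HTML, are illustrated below with a constructed in-memory table. This is an added example, not code from the article or from Group-IB; the table, the sample rows and the function names are assumptions.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed stand-in for a recruitment site's user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, company TEXT)")
    conn.executemany(
        "INSERT INTO users (email, company) VALUES (?, ?)",
        [("alice@example.com", "Acme"), ("bob@example.com", "Globex"),
         ("carol@example.com", "Acme")],
    )
    return conn


def search_vulnerable(conn: sqlite3.Connection, company: str) -> list:
    # String concatenation: the request parameter becomes part of the SQL text,
    # so a quote in the input changes the statement instead of the value.
    sql = "SELECT email FROM users WHERE company = '" + company + "'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, company: str) -> list:
    # Parameterized query: the value is bound by the driver and never parsed as SQL.
    rows = conn.execute("SELECT email FROM users WHERE company = ?", (company,))
    return [row[0] for row in rows]


def render_profile_field(value: str) -> str:
    # Escape before embedding in a page so markup in an employer profile or CV
    # is displayed as text rather than executed in an administrator's browser.
    return "<td>" + html.escape(value, quote=True) + "</td>"


if __name__ == "__main__":
    db = make_db()
    probe = "' OR 1=1 --"  # constructed input that closes the string literal
    print(search_vulnerable(db, probe))  # every email in the table
    print(search_safe(db, probe))        # [] : no company has that literal name
    print(render_profile_field("<script>alert(1)</script>"))
```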


This Cyber News was published on www.securityweek.com. Publication date: Tue, 06 Feb 2024 16:13:03 +0000

