22k records stolen in Australian Defence Force Academy hack

Powered by SC Magazine
 

Database hit by SQL Injection

Some 22,300 purported student records held by the Australian Defence Force Academy were stolen and published online last month.

The details were still accessible via the public internet on an Anonymous-controlled public clipboard.

Records contained a mix of date of birth information, clear-text passwords and student identity numbers and ranks.

The University of Canberra in which the ADFA resides had warned students of possible phishing attacks but said the compromised passwords were mostly redundant, SMH reported.

Stolen records were obtained via a basic SQL Injection attack against what appeared to be an older database management system.

SQL Injection was the most prevalent security hole and has maintained its infamous number one spot in the OWASP Top Ten security priority list. 

The hacker using the alias Darwinaire had made a series of recent public hacks and disclosures, including dumping 600 Amazon UK user records online.

Copyright © SC Magazine, Australia


22k records stolen in Australian Defence Force Academy hack
 
 
 
Top Stories
Westpac interim CIO resigns
Group CIO yet to be appointed.
 
Five emerging technologies that will transform financial services
[Blog post] Far out ideas that aren't far off.
 
Earning the right to innovate
Breaking down the barriers to innovation is a long, but rewarding process, says Bank of Queensland Group CIO, Julie Bale.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  28%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 949

Vote