Posted by: Dan O'Connor
blind sql injection, mysql hack, SQL injection
Weekend break-in at mysql.com, there is a posting on the full disclosure mailing list here;
The posting includes the structure of the db also usernames and password hashes. I don’t see any postings from mysql.com acknowledging the breach.
Although the possible direct damage from this may have been defacement or maybe a malware ad, as in most places and from what happened with HBGary I bet there is password reuse going on. This could have lead to a more serious breach if there was accesses. I would think from how this was done that the hacker could not get any farther in from that system, I can’t seem them getting the database and just stopping.