Contributors

Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security) [Project Leader]

The Web Hacking Incidents Database
Last update: 17 February 2008

List of Incidents for a Classification

Please note that classifications are a new feature and not all entries in WHID have been classified yet, so WHID may hold more records matching a classification than the number of entries listed for it. We hope to complete the classification process soon.


List of incidents for which Outcome is Loss of Sales
4 incidents listed
WHID 2007-52: Hacker halts Rivkin auction of 37 watches
Reported: 05 November 2007
Occurred: 05 November 2007

Classifications:

  • Attack Method: Denial of Service
  • Country: Australia
  • Outcome: Loss of Sales
  • Vertical: Retail

It seems that there is a new trend of disrupting online bidding using denial of service attacks. In this case, an auction for 37 very expensive watches was halted 20 minutes before the end when the site crashed, in what official sources describe as a hacker attack that did not result in a site compromise.

WHID 2007-49: Hackers Block Sale of Colorado Rockies World Series Tickets
Reported: 25 October 2007
Occurred: 23 October 2007

Classifications:

  • Attack Method: Denial of Service
  • Country: USA
  • Outcome: Loss of Sales
  • Vertical: Sports

The Rockies' site was taken down by a denial of service attack, preventing fans from buying tickets for the World Series games.

As with any DDoS attack, it is very hard to know whether it was an application layer or a network layer attack, but since this attack had a very significant financial impact by crippling a web site, we think it deserves a place in WHID.

WHID 2007-44: Hacker Breaks Into eBay Server, Locks Users Out
Reported: 10 October 2007
Occurred: 06 October 2007

Classifications:

  • Attack Method: Insufficient Authentication
  • Country: USA
  • Outcome: Loss of Sales
  • Vertical: Retail

A hacker exploited a leftover admin function on eBay to block users and close sales.

WHID 2007-14: Your Free MacWorld Expo Platinum Pass
Reported: 02 April 2007
Occurred: 11 January 2007

Classifications:

  • Attack Method: Credential/Session Prediction
  • Country: USA
  • Outcome: Loss of Sales
  • Vertical: Technology

A priority code used to get a free Platinum Pass to MacWorld Expo was validated on the client, which enabled anyone to get the pass for free. Although "grutz" informed the organizers about it, when they went over their log files they found that others had abused the vulnerability without letting anyone know about it.

This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

 
© Copyright 2005, Web Application Security Consortium. All rights reserved.