Web Application Security Consortium - Web hacking Incidents Database (WHID)

Reported: 10 February 2008
Occurred: 09 February 2008

Classifications:

Attack Method: Unknown
Country: USA
Outcome: Leakage of Information
Vertical: Entertainment

Sensitive information about people who created an account on the site leaked and was published through IRC.

References:

Stage 6 - Hacking
Reference, Wikipedia, 09 February 2008

WHID 2008-04: RIAA web site cleared

Reported: 22 January 2008
Occurred: 20 January 2008

Classifications:

Attack Method: Cross Site Scripting (XSS)
Attack Method: SQL Injection
Attack Method: Denial of Service
Attack Method: SQL Injection
Country: Global
Country: USA
Outcome: Defacement
Outcome: Downtime
Outcome: Defacement
Vertical: Entertainment

The web site of RIAA, the Recording Industry Association of America was attacked twice using SQL injection over the weekend. First a query that takes particularly long time was posted on a social network web site causing a distributed denial of service attack against the site. Later on hackers found and abused additional SQL injection and XSS vulnerabilities resulting in major defacement of the site.

References:

RIAA wiped off the net
News Story, The Register, 21 January 2008
This link runs a slooow SQL query on the RIAA's server. Don't click it; that would be wrong
Attack Code, Reddit, 20 January 2008
RIAA Website Wiped Clean by "Hackers"
Blog Entry, Torrent Freak, 20 January 2008

This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.