Contributors
Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security) [Project Leader]

The Web Hacking Incidents Database
Last update:17 February 2008

List of Incidents for a Classification

Please note that classifications are a new feature and not all entries in WHID are already classified, so when you get a certain number of entries for a classification, WHID might have more records matching that classification that we did not classify yet. We hope to complete the classification process soon.

Select classification:
Attack Method, Country, Location, Origin, Outcome, Software, Vertical

Select criteria for classification "Vertical":
Education, Entertainment, Finance, Government, Health, Information Services, Internet, Marketing, Media, Politics, Retail, Security & Law Enforcement, Service Providers, Sports, Technology

List of incidents for which Vertical is Sports
3 incidents listed
WHID 2007-84: Soccer league's online shoppers get kicked by security breach
Reported: 10 February 2008
Occurred: 01 August 2007

Classifications:

  • Attack Method: SQL Injection
  • Country: USA
  • Outcome: Leakage of Information
  • Vertical: Sports

It is already February, and we still add 2007 incidents. If you wonder why, it is because organizations such as MLS only now find out that they were hacked last year! Sometime between January and August of 2007, names, addresses, credit and debit card data, and passwords of an unknown number of people, including 169 New Hampshire residents were stolen from the site.

Why New Hampshire? Because the company has to report to the authorities there about the incidents, but only specify the number of individuals from this state affected. Why only New Hampshire? Since regulations and bills requiring disclosures exist in many states, one would expect that the company would have to provide such a testimonial in many states. This incident is another good example of the size of the hidden part of the iceberg.

References:

WHID 2007-49: Hackers Block Sale of Colorado Rockies World Series Tickets
Reported: 25 October 2007
Occurred: 23 October 2007

Classifications:

  • Attack Method: Denial of Service
  • Country: USA
  • Outcome: Loss of Sales
  • Vertical: Sports

The site of the Rockies was taken down by a denial of service preventing fans from buying tickets for the World Series games.

Like any DDoS attack, it is very hard to know if it was an application layer or network layer attack, but since this attack had a very significant financial impact by crippling a web site, we think it deserve a place in WHID.

References:

WHID 2007-10: Super Bowl Site Hacked with Trojan, Key logger
Reported: 30 March 2007
Occurred: 02 February 2007

Classifications:

  • Attack Method: Unknown
  • Country: USA
  • Outcome: Planting of Malware
  • Vertical: Sports

Hackers penetrated the Dolphins stadium web site just days before the Super Bowl was held there and modified the home page to include a Trojan inflecting script.

References:


This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
 
© Copyright 2005, Web Application Security Consortium. All rights reserved.