Contributors
Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security ) [Project Leader]

The Web Hacking Incidents Database
Last update:07 November 2007

Incident WHID 2007-20

WHID 2007-20: Pirate Bay breach leaks database
Date: 10 May 2007
Incident Type: Security Breach
WASC Threat Classification: SQL Injection

Private Bay is a BitTorrent information exchange blog site. Hackers used an SQL Injection vulnerability in the web site to steal 1.6 million users and passwords of the site. At least the passwords where hashed, which means that the hacker would need a cracking software and only the lame passwords will be found. This incident highlights the Web authentication problem. Just think how many of those users use the same username and password in many other sites.

References:



This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
© Copyright 2005, Web Application Security Consortium. All rights reserved.