Tasks and Objectives
An IT training campany from the US approached us after one of their instructors found their complete database on a website called pastebin.com. This notorious website is often used by hackers to share their successful breaches with others.
Fast Lane Services and Solution
We have quickly identified that the customer database has been held on a MySQL server with a web interface portal. On performing a full-scale Penetration test we were quickly able to replicate the attack and perform a complete SQL dump over the Internet.
The reason why this has been relatively easy is because the client hasn’t updated their MySQL server and relevant patches in almost 3 years. Our remediation report allowed the client to close this vulnerability (and a few other severe ones). However the client information has since been republished numerous times on the dark web and it’s almost impossible to contain data leakage once it has been made public. A simple SQL vulnerability can bring a whole business down both in terms of reputational damage as well as from a financial standpoint.