NASA Data Breach Discovered by Hackers
Members of two hacker collectives, Team r00tw0rm and Team inj3ct0r, identified an SQL injection vulnerability on one of the subdomains owned by NASA and hosted on the domainnasa.gov. By leveraging the security hole, the hackers obtained a 6 gigabyte database, but refused to disclose the name of the flawed subdomain to give the agency time to patch it up.
A sample of the database reveals information such as usernames, email addresses, names, IDs, login dates, passwords, and other data.“Complete Database is in GB’s, well we aren’t leaking it. We may keep all parts in our private home! Yet only little bit dump or few columns data is released just to inform NASA that being National Aeronautics and Space Administration you must also keep your servers up to date!”the hackers said.
They claim they informed NASA a few days ago, but since the organization failed to respond, they leaked part of the database to attract the agency’s attention.
More from ITN