SQL Injection vulnerabilities lead to massive attack that exposes over a million accounts

A recent online attack by a hacker group called Team GhostShell targeted more than 100 websites, ranging from banks, stock exchanges, police departments and consulting firms to law firms and companies in many other sectors.

Some of the hacked organizations and companies include CIA Services, Commerce Bank of Wyoming, Triage Consulting, Garret Group, Lion Capital, Thailand’s Navy, Chesley Consulting and the European Strabismological Association.

Team GhostShell used automated free SQL Injection tools to exploit SQL Injection vulnerabilities and hack into websites and content management systems in order to retrieve documents which contain sensitive information and credentials. The leaked information includes usernames, passwords, email addresses, salary details and other important confidential information. As usual, unfortunately, many accounts had extremely weak passwords such as ‘123456,’ stressing the need to ensure you always use strong passwords.

Moreover, the hacker group said that they possess access points to more than 110 billion databases from Chinese and US mainframes, including servers that belong to the US Department of Homeland Security. The hackers’ statement also says that the attack was part of what they call “Project Hellfire,” an ongoing form of protest against banks, politicians and arrested hackers.

Once again, exploiting an SQL Injection vulnerability seems to be a hacker’s first choice for breaching websites, exploiting their databases and gathering sensitive information. Ensure your website is not vulnerable to SQL Injection by downloading the trial of Acunetix Web Vulnerability Scanner.


Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.