Categories
Archive

Theory: T-Mobile Web Site Victimized by Injection Attacks

ComputerWorld is speculating that the recent compromise of T-Mobile account data by hackers was a result of SQL “injection” attacks:

Koziol speculated that Jacobsen used a SQL injection attack to compromise T-Mobile’s servers and noted that, as of his posting, there were “literally hundreds of injection vulnerabilities littered throughout the T-Mobile website,” according to his blog, “Ethical Hacking and Computer Forensics.”
In a SQL injection attack, attackers use a SQL database query to send, or “inject,” unexpected commands into a SQL database, allowing them to manipulate the database’s contents.

What’s T-Mobile doing to protect customer’s data? The company has been suspiciously quiet on the issue.


ComputerWorld is speculating that the recent compromise of T-Mobile account data by hackers was a result of SQL “injection” attacks:

Koziol speculated that Jacobsen used a SQL injection attack to compromise T-Mobile’s servers and noted that, as of his posting, there were “literally hundreds of injection vulnerabilities littered throughout the T-Mobile website,” according to his blog, “Ethical Hacking and Computer Forensics.”
In a SQL injection attack, attackers use a SQL database query to send, or “inject,” unexpected commands into a SQL database, allowing them to manipulate the database’s contents.

What’s T-Mobile doing to protect customer’s data? The company has been suspiciously quiet on the issue.

By Jason O'Grady

Founded the PowerPage in 1995.