Just after 24 hours of the hack of the Indian Institute of Technology – IIT Bombay, Cryptolulz666 notified me another data breach, he hacked the database of the Indian Institute of Technology Kharagpur, the second of the country.
Cryptolulz666 broke into the database of the Indian Institute of Technology Kharagpur and accessed users data, including emails, passwords, phone numbers, and security questions.
The hacker told me to have accessed data belonging to 12000 plus users, but as proof of the hack, he leaked only a small portion of them on Pastebin.
When I asked more details about the data breach he told be that he found a SQL injection flaw in the website.
“In this hack, I triggered an error based SQL injection… and I leaked the data on Pastebin” the hacker told me.
The database contains had around 12555 users but I just leaked even less than a quarter of it as the institution might get sued on this info disclosure.
Once again the hacker highlights the lack of security of the organizations. His intent is creating awareness amongst the authorities.
“If you make a website to you definitely have to protect it on every aspect.” he added.
Cryptolulz666 explained that many hackers would love to get their hands on such kind of data so it is important to address these flaws before them.
Last week Cryptolulz666 broke into the database of the website of Russian embassy of Armenia (www.embassyru.am) and leaked data. The hacker also launched DDoS attacks against a Russian and Italian Government websites.
(Security Affairs – Cryptolulz666, Indian Institute of Technology Kharagpur)