UPDATE, December 21: The website has been taken offline, but we're still waiting for a confirmation to see if this is related to vulnerability patching or not.
UPDATE, December 20: The Computer Security Incident Response Team Slovakia has offered a response to the attack, saying that the site admins have been notified of the breach and an investigation is under way. Original story below.
The official website of the Slovak Chamber of Commerce and Industry (scci.sk) got hacked this morning, with details of approximately 8,000 users being exposed during the breach.
Kapustkiy, who is now part of the New World Hackers group, accessed sensitive details of thousands of accounts, but decided to leak only some 4,000. These details include names, phone numbers, hashed passwords, and emails, and Kapustkiy told us that he discovered user logins as well.
The breach has already been reported to the site administrators, but the site is still up and running at the time of writing this article, so it remains to be seen how fast they manage to patch the vulnerability.
It goes without saying that users whose details are included in the hacked database are exposed to additional risks, so changing passwords is the first thing everyone should do, especially if the same credentials are being used elsewhere.
Kapustkiy said he contacted the site administrators as well and he’s also waiting for an answer, and the leaked details are supposed to be living proof that a database was indeed breached. The method he used was an SQL injection, which eventually provided him with access to details of thousands of users.
The countdown begins
On the other hand, it’ll be interesting to see how fast IT admins actually manage to address this hack, especially because the website also has bugs that shouldn’t normally be there on the website of a chamber of commerce.
For example, when trying to open the form to add a trade offer, users are provided with the following error which, according to readers, has been there for a long time:
Notice: Undefined index: wlang in /var/www/sopk.sk/web-sopk/notes-abo.php on line 35
Furthermore, at a closer inspection, we also discovered at least one broken link on the English version of the website, which is just another sign that more time for maintenance may be needed.