Oracle has chosen not to comment on an alleged hack of MySQL.com the site that has been smashed by cyber criminals on two occasions already this year.
A hacker going by the pseudonym D35M0ND142 posted information on Pastebin, claiming it came from, somewhat ironically, a MySQL.com database.
D35M0ND142 suggested the website owners had not fixed the site following two serious hack attacks this year. Oracle told IT Pro it had no comment on the matter.
The main problem is that unlike Microsoft or Google, many companies are not doing a good job in protecting those services.
Data included in the Pastebin post appeared to feature usernames, emails and passwords of various MySQL.com users. This purportedly included login details of Robin Schumacher, MySQL's director of product management.
Luis Corrons, technical director of PandaLabs, said it looked like the information could be real.
"This is one of the biggest problems we are facing nowadays: there are a number of online services we use, we have to register to get access to them and most of the users have the bad habit to reuse the password everywhere," Corrons told IT Pro.
"What is worse, in most of these services you have to give an email address, so if someone gets access to the database where all this information is stored you could have your email account hacked.
"The main problem is that unlike Microsoft or Google, many companies are not doing a good job in protecting those services."
In September, MySQL.com was found serving malware after security firm Amorize found some highly obfuscated JavaScript on the website.
In March, the website was compromised as a result of an SQL injection attack.
In that case, hackers posted a host of usernames and password hashes some of which had reportedly been decrypted onto Pastebin.
-
Third time lucky? Microsoft finally begins roll-out of controversial Recall featureNews The Windows Recall feature has been plagued by setbacks and backlash from security professionals
-
The UK government wants quantum technology out of the lab and in the hands of enterprisesNews The UK government has unveiled plans to invest £121 million in quantum computing projects in an effort to drive real-world applications and adoption rates.
-
Oracle breach claims spark war of words with security researchersNews A war of words has erupted between Oracle and cybersecurity researchers following claims the company suffered a security breach.
-
“By this time next year, Oracle employees won't be using passwords” — Larry Ellison wants a biometric future in cybersecurityNews The Oracle CTO hit out at passwords, calling them insecure and easy to steal
-
NetSuite vulnerability could leave thousands of websites exposedNews The issue stems from a misconfiguration of access controls in NetSuite's SuiteCommerce instances
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Oracle's massive advertising database operates without user consent, lawsuit claimsNews Rights organisers have accused Oracle of collecting an undue level of sensitive data to identify consumers online
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
