recommended reading

Threatwatch

S. Korean Freshman Busts into 280,000 E-commerce and Government Accounts

Data dump; Network intrusion; Stolen credentials; Unauthorized use of system administrator privileges; User accounts compromised; Software vulnerability

A 20-year-old student allegedly hacked websites across 24 countries, after watching YouTube videos on how to take advantage of software glitches.  

He leaked more than 10,000 passwords on his blog and online hacking forums, allegedly using some of the credentials to snoop into emails and fraudulently charge purchases. He also is accused of accessing the site of a South Korean state institution by using the stolen credentials of a civil servant.

The college freshman, in total, collected information from about 280,000 accounts.

“His main targets were low-security websites such as independently run shopping websites,” Yonhap reports. His tactics included “SQL injection,” a technique in which malicious code is injected into databases, and cross-site scripting, or inserting commands into websites.

The student, who learned how to hack from online videos and websites, wanted to "be recognized by other hackers," police said. 

sector

Government (Foreign); Retailer

reported

November 6, 2014

reported by

Yonhap News Agency

number affected

280,000 accounts

location of breach

Unknown

perpetrators

College Student

location of perpetrators

Seoul, South Korea

date breach occurred

between November 2013 and August 2014

date breach detected

Unknown