The latest target of the hacker collective known as NullCrew is the website of world-renowned car manufacturer Ford.
The hackers claim to have leveraged an SQL Injection vulnerability in order to gain access to the databases behind the social.ford.com subdomain. As a result of the breach, database and table names, customer usernames – represented by email addresses – and encrypted passwords have been leaked.
In total, 18 credential sets have been published online. Most of the affected individuals appear to be employed at an ad agency called Team Detroit.
Judging by the email addresses, the breach seems to be legitimate because the information made available by the hackers doesn’t appear to be published anywhere else online.
I’ve reached out to Ford representatives hopping that they can clarify the matter. I’ll update the article as soon as they respond.
Update. Scott Monty of Ford Global Digital Communications has responded to my inquiry.
"No confidential information was compromised by the incident. Our teams have been working on determining how this happened and have changed all site passwords as a precaution," he said.