D35m0nd142, the hacker from Germany, has managed to breach a website owned by Foxconn, the major electronics manufacturer. The subdomain he penetrated, cq.foxconn.com, appears to belong to the factory from Chongqing, China.
The hacker has exploited a Blind SQL Injection vulnerability to gain access to a database which contains, among other things, the details of users, including email addresses and passwords.
Usually, when someone hacks a Foxconn site, it is a form of protests against the poor working conditions. However, this is not the case. D35m0nd142 has contacted Foxconn to tell them about the vulnerability and has redacted all the sensitive information to make sure it can’t be misused.
“My attack hasn't any malicious or political purposes, just a usual attack in order to retrieve bugs in a big website,” the hacker said.
Currently, users who try to access the cq.foxconn.com site are prompted to enter a username and a password.
According to the hacker, the site could be accessed without login credentials on Monday, so this might indicate that Foxconn is working on addressing the issues.