The controversial hacker collective known as NullCrew claims to have breached the website of the Queen's Harbour Master (QHM.mod.uk), a domain operated by the United Kingdom’s Ministry of Defence.
“Your webmaster made a terrible mistake. You may criticize us on the simplicity of the vulnerability. But if you can get so much useful data so easily, why wouldn't you? We hope that all governments and organizations realize that #[Expletive]TheSystem is definitely not a joke,” the hackers wrote.
“We hope that you have the decency to grasp the concept of it,” they added.
They say they’ve leveraged an SQL Injection vulnerability in order to gain access to the website’s databases.
A number of 25 usernames and their affiliated passwords (in clear text) have apparently been leaked from the Plymouth section of the site.
In addition, over 3,400 user credentials have been published in the same document, allegedly belonging to users registered in the Portsmouth section of the QHM website.
It’s difficult at this point to determine if the information legitimately comes from the qgm.mod.uk website, especially considering that this particular hacker group is known for its “suspicious” data leaks. However, I’ve sent an inquiry to Ministry of Defence representatives in hopes that they can clarify the situation.