NullCrew hackers once again show their support for WikiLeaks founder Julian Assange. This time, they claim to have breached data.gov.uk – a UK government project that provides citizens with non-personal data which can be freely re-used.
They published a 700 megabyte archive that holds numerous .cvs files which contain all sorts of information. Although we haven’t spotted any sensitive details in the massive leak, the website does have a login section, which may mean that user credentials might have been obtained by the hackers.
Apparently, similar to other data breaches, the attackers exploited an SQL Injection vulnerability to gain access to the files.
He have sent an inquiry to data.gov.uk representatives a few hours before this post was published, but so far they haven’t responded. Hopefully, they can confirm or deny the hackers’ claims and provide further explanations. Update.
Data.gov.uk representatives have responded to our inquiry.
“We have seen no evidence to indicate a breach of security. The material claimed to have been stolen is and has always been openly available from data.gov.uk. It can be found at http://data.gov.uk/data/dumps
,” a Cabinet Office spokesman said.
“Security is something we take very seriously,” he added.
“The IT security arm of GCHQ and the Computer Emergency Response Team (GovCert) provides Government departments with guidance on how to protect against, detect and mitigate various types of cyber attack, as well as providing a single point of contact for reporting Government network security incidents. Government departments also have internal IT expertise available.”