14 DAY TRIAL // A hacker known as xdev, part of b4lc4nh4ck, managed to breach the site of the University of Washington, leaking a small amount of data to prove that he gained access to the institution's servers. Judging by the latest incidents, the University of Washington is trying to patch up the vulnerabilities in their official website, but unfortunately, it seems they’re not trying hard enough.
At the beginning of February, a hacker part of Team INTRA managed to hack the university’s site by leveraging an SQL injection vulnerability. The website’s administrators acted quickly and patched up the security hole.
However, a couple of days later, hackers known as NOBODY and NOLIFE found another vulnerability and on this occasion they weren’t content with just disclosing the flaw, instead they leaked more than 6,000 record sets that included usernames, password hashes and host names.
It’s uncertain at the moment whether the hacker xdev managed to identify another vulnerability or he relied on the one found by NOBODY and NOLIFE.
We are currently waiting for a reply from the University of Washington regarding these incidents, so stay tuned to find out if anything has been done to address the issues.
Xdev is also responsible for breaching the online storage and file hosting service FileDen, scenario in which he wasn’t content with just leaking sample information from the databases. From the FileDen servers he published more than 4,500 account details on Pastebin.
Another hack signed by the same hacker was on the website of Video Games Plus, a Canadian gaming vendor. In this case, 21,000 users were exposed as a result of the breach.
At the time we’ve contacted Video Games Plus, but they failed to provide a statement regarding the security measures taken to protect their customers.