Because the Panama Papers leak wasn't bad enough

Apr 11, 2016 15:55 GMT  ·  By
Hacker finds SQL injection flaw on site of Mossack Fonseca, law firm behind Panama Papers

A hacker who goes by the handle 1x0123 says he found a SQL injection flaw on one of the servers of Mossack Fonseca, the Panamanian law firm at the center of the massive data leak known as the Panama Papers.

The hacker disclosed the bug last Saturday, saying he found it in Orion House, Mossack Fonseca's custom online payment system, and posted some of the server's configuration data to a Paste.ee file.

1x0123 also shared a screenshot of the email he sent to Mossack Fonseca's staff informing them of the issue.

Mossack Fonseca is probably too busy to answer him: the firm is still recovering from last week's leak, in which over 2.6 TB of internal documents, emails, and other files were exposed by a team of international reporters.

1x0123 discovered numerous flaws in other services

A look through 1x0123's Twitter timeline makes it pretty clear that he is a grey hat hacker: someone who breaks into servers (which is illegal) but then notifies the affected companies that they have been compromised and gives them details of the vulnerability (which is the responsible part).

Before notifying Mossack Fonseca, the same hacker informed Edward Snowden of a blind XSS (cross-site scripting) flaw in the self-hosted Piwik analytics installation used on the Freedom of the Press Foundation website, an organization the US whistleblower works with. Snowden thanked him personally in a tweet on Sunday.

Other organizations to which he reported, or tried to report, bugs include NASA, Telegram, SourceForge, and the New York Times.

Judging from his tweets, 1x0123 appears to be the same person who tried to sell access to the LA Times dashboard last week after exploiting a vulnerability in the Advanced XML Reader WordPress plugin.

Screenshots on the hacker's profile also suggest that he may have access to tens of thousands of user accounts, complete with plaintext passwords, belonging to the adult site Naughty America.