[Dataloss] MLSgear.com site hit by SQL injection attacks; personal data of customers compromised
lyger
lyger at attrition.org
Sat Feb 9 00:30:02 UTC 2008
http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9061858&taxonomyId=17&intsrc=kc_top
A series of SQL injection attacks on servers hosted by a third-party
service provider has compromised the personal data of an unspecified
number of individuals who had shopped on Major League Soccer's MLSgear.com
Web site.
The compromised information included names, addresses, credit and debit
card data, and MLSgear.com passwords, MLS President Mark Abbott said in a
letter sent to affected individuals on Feb. 1. MLSgear.com is the soccer
league's official online store.
The incident was first reported by PogoWasRight.org, a blog that tracks
data breaches. The blog site also posted a link to a notice that was sent
by MLSgear.com to the office of New Hampshire's attorney general,
informing the AG of the breach and saying that it affected 169 New
Hampshire residents
[...]
More information about the Dataloss
mailing list