Himpunan Info dan Fakta Menarik

* On November 1, 2005, a high school student used a SQL injection to break into the site of a Taiwanese information security magazine from the Tech Target group and steal customers' information.

* On January 13, 2006, Russian computer criminals broke into a Rhode Island government web site and allegedly stole credit card data from individuals who have done business online with state agencies.


* On March 29, 2006, Susam Pal discovered a SQL injection flaw in an official Indian government tourism site.

* On March 2, 2007, Sebastian Bauer discovered a SQL injection flaw in the knorr.de login page.

* On June 29, 2007, a computer criminal defaced the Microsoft U.K. website using SQL injection.. U.K. website The Register quoted a Microsoft spokesperson acknowledging the problem.

* In January 2008, tens of thousands of PCs were infected by an automated SQL injection attack that exploited a vulnerability in application code that uses Microsoft SQL Server as the database store.

* On April 13, 2008, the Sexual and Violent Offender Registry of Oklahoma shut down its website for 'routine maintenance' after being informed that 10,597 Social Security numbers from sex offenders had been downloaded via a SQL injection attack

* In May 2008, a server farm inside China used automated queries to Google's search engine to identify SQL server websites which were vulnerable to the attack of an automated SQL injection tool.

* In 2008,at least April through August, a sweep of attacks began exploiting the SQL injection vulnerabilities of Microsoft's IIS web server and SQL Server database server. The attack doesn't require guessing the name of a table or column, and corrupts all text columns in all tables in a single request. [20] A HTML string that references a malware JavaScript file is appended to each value. When that database value is later displayed to a website visitor, the script attempts several approaches at gaining control over a visitor's system. The number of exploited web pages is estimated at 500,000

* On August 17, 2009, the United States Justice Department charged an American citizen Albert Gonzalez and two unnamed Russians with the theft of 130 million credit card numbers using an SQL injection attack. In reportedly "the biggest case of identity theft in American history", the man stole cards from a number of corporate victims after researching their payment processing systems. Among the companies hit were credit card processor Heartland Payment Systems, convenience store chain 7-Eleven, and supermarket chain Hannaford Brothers.

* In December 2009, an attacker breached a RockYou! plaintext database containing the unencrypted usernames and passwords of about 32 million users by using a SQL injection attack.