SPIROL International, a US and European manufacturer and distributor of pins, inserts, and brass nuts for plastic components was breached by the hacker group called DeleteSec.
The leaked data contained the email addresses of over 70,000 of the company’s customers and also some records contained around 886 passwords.
The hackers informed that they leveraged an SQL Injection in the news section of the site to gain access to the data.
And the files were leaked after SPIROL allegedly threatened to have the hackers arrested.
TPRM report: https://scoringcyber.rankiteo.com/company/spirol
"id": "spi162851222",
"linkid": "spirol",
"type": "Breach",
"date": "02/2014",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Over 70,000',
'industry': 'Manufacturing',
'location': ['US', 'Europe'],
'name': 'SPIROL International',
'type': 'Manufacturer and Distributor'}],
'attack_vector': 'SQL Injection',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': ['Over 70,000 email addresses',
'886 passwords'],
'type_of_data_compromised': ['Email addresses', 'Passwords']},
'description': 'SPIROL International, a US and European manufacturer and '
'distributor of pins, inserts, and brass nuts for plastic '
'components was breached by the hacker group called DeleteSec. '
'The leaked data contained the email addresses of over 70,000 '
'of the company’s customers and also some records contained '
'around 886 passwords. The hackers informed that they '
'leveraged an SQL Injection in the news section of the site to '
'gain access to the data. And the files were leaked after '
'SPIROL allegedly threatened to have the hackers arrested.',
'impact': {'data_compromised': ['Email addresses', 'Passwords']},
'initial_access_broker': {'entry_point': 'SQL Injection in the news section '
'of the site'},
'motivation': 'Unknown',
'post_incident_analysis': {'root_causes': 'SQL Injection vulnerability'},
'response': {'law_enforcement_notified': 'Threatened to have the hackers '
'arrested'},
'threat_actor': 'DeleteSec',
'title': 'SPIROL International Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'SQL Injection'}