Just before the new year broke, Eastern Standard Time, “Qurlla” of New World Hackers announced a major leak of Lenovo web servers, releasing what was perhaps the single largest data dump I have ever seen. According to the hackers behind the leak, even after the initial leak was posted online downloads from the website were still ongoing.
According to Qurlla, Lenovo’s web servers were originally compromised via SQL injection off of an outdated product ID number. Meaning that the hackers were able to find a product ID online which accidentally led them to an error page. Then, using this error page, hackers proceeded to enter a series of query strings ultimately granting them full administrator level access over the website and all its contents – allegedly over 20 GB of data.
According to the estimates of hackers involved in the breach, over 127,000 customers were effected and over 1 million registered users exposed. Browsing through different tables attached to the leaks, you can find information such as payment providers and plans, access to the websites video files, chatroom and registered email users, as well as their email exchanges/messages with Lenovo staff. You can find the shipping addresses of customers, order numbers, password history, customer account login information, mailing lists and much more. You can even find a list of IP Addresses blacklisted by the website, nearly 2,000 lines of data in total – composing of access to dozens of databases and hundreds of folders/tables.
Database IP: 22.214.171.124
Website Login: https://lenovo.com/us/en/login
Root Login Username: Lenovo
Hey, @Lenovo your website database has been leaked by New World Hackers.
You should really update your security and add load balancers to your website.
View Database: https://t.co/6ttJktEoAC#Security #TangoDown pic.twitter.com/uItb3r67Ky
— Qurlla (@Qurlla) January 1, 2019
Categories: Hacking News