Hackers use SQL Injection to ‘inject’ $4 million into their bank accounts

by Evin C
SQL has many uses, and apparently some of them aren’t so legal. This article reports on one of the biggest cases of online identity theft in U.S. history. Three men were sent to prison for 17 to 25 years for hacking into Heartland Payment Systems, a business used by credit card companies and certain vendors to process sales. Heartland was not the only business to be hit, and the result was 130 million stolen credit-card numbers and a profit of up to $4 million for the hackers themselves. The article reported that the hackers “used a method called SQL injection to carry out the deeds.”

It then goes on to explain the details behind SQL injection and how serious an attack like this can actually be. On a better note, the Federal Trade Commission’s senior attorney stated that “SQL injection compromises are ‘commonplace and relatively simple to prevent.’” There is a simple way to prevent SQL injection, which involves refusing to accept SQL statements directly. These points are quite interesting considering our start of SQL with this course.
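To make the prevention point concrete, here is an added example (not from the original post or the PC Mag article) that runs the same lookup two ways: with the input pasted into the SQL text, and with the input bound as a parameter. The table, the sample rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; the card numbers are made up.
SAMPLE = [("alice", "0000-0000-0000-0001"),
          ("bob", "0000-0000-0000-0002"),
          ("o'brien", "0000-0000-0000-0003")]

def make_db():
    """Build an in-memory database holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (owner TEXT, number TEXT)")
    db.executemany("INSERT INTO cards VALUES (?, ?)", SAMPLE)
    return db

def lookup_concatenated(db, owner):
    # Vulnerable: the input is pasted into the statement, so quote
    # characters in it are parsed as SQL syntax rather than as data.
    sql = "SELECT number FROM cards WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, owner):
    # Hardened: the statement text is fixed; the driver binds the input
    # as a value, so it can never change the structure of the query.
    sql = "SELECT number FROM cards WHERE owner = ?"
    return [row[0] for row in db.execute(sql, (owner,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    print("concatenated, crafted input :", len(lookup_concatenated(db, crafted)), "rows")
    print("parameterized, crafted input:", len(lookup_parameterized(db, crafted)), "rows")
    # A legitimate name containing an apostrophe also breaks the
    # concatenated version, which is a useful early warning sign.
    try:
        lookup_concatenated(db, "o'brien")
    except sqlite3.OperationalError as err:
        print("concatenated, o'brien       : error:", err)
    print("parameterized, o'brien      :", lookup_parameterized(db, "o'brien"))
```

The concatenated version returns every row for the crafted input and fails on an ordinary name with an apostrophe; the parameterized version treats both inputs as plain values.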

We briefly mentioned SQL injection during our first weeks, and it was interesting to find out how it can actually be used. Considering we are only just beginning our work on SQL, I’m sure we have a long way to go, but for the future this is definitely a good read. Just to think how many ways society can be infiltrated through the methods we are learning in our courses is almost as surprising as it is scary.

Reference:

Albanesius, C. (2010, May 1). PC Mag. Retrieved from http://www.pcmag.com/article2/0,2817,2363293,00.asp

3 thoughts on “Hackers use SQL Injection to ‘inject’ $4 million into their bank accounts”

  1. What can I say, I enjoy reading articles like this too. Especially when it’s on cnet, diff, or the news. At MtSAC, one of my professors actually demonstrated an SQL injection in class. It did not seem very difficult to do just by watching him but I’ve never actually tried. Maybe we might get to see an actual demonstration in 305. If not, there are plenty of websites out there with information about this sort of thing.

  2. Good example of how vulnerable databases are. Companies in general should focus more on securing their databases, protecting their customers.

  3. SQL injection always happens, and it is very annoying. A company that I worked for also had a few SQL injections on some customers’ databases. After an investigation, most of them happened because of a poor script from the customers’ end. Of course, it is just one of the security leaks. I wish I could learn what the other ways to hack into an SQL database are.
