by Joe C
A SQL injection exposed a lot of personal log in information and customer data for a reseller company called Comodo. The breach in security allowed the attackers to access employee log-in credentials. This Brazil-based partner reseller is the forth Comodo partner to be attacked this year. The resulting information gained by the hackers were posted to Pastebin, a text sharing site. To complete an SQL injection attack, SQL statements are inserted into entry fields such as comment or log in fields on a form. When the website tries to process this text, certain code can end the original intent of the entry and execute different functions, in this case, trying to return log in credentials to the attacker. The president (also CEO) of Comodo claimed that the systems were never compromised and hackers had no access to their databases. What they did get from the customer information were names, addresses, emails, and phone numbers. Some private files were also leaked which included user IDs and passwords. A Comodo reseller in Italy was also attacked back in March. Many organizations are currently trying to figure out solutions to certification.