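RockYou, a company that develops social networking service (SNS) applications and supplies them to sites such as MySpace and Facebook, suffered an incident in which approximately 32.6 million account records were stolen by a hacker through a SQL injection (SQLi) vulnerability.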

The cause was identified as a SQLi vulnerability that allowed access to the account information database, and the issue has since been fixed.

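However, a hacker known as igigi has published the stolen information, and the incident is escalating rapidly. According to the published information, user IDs and passwords were stored in the database as unencrypted plaintext, which is clearly quite a dangerous practice.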
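The two failures reported above, an injectable query path and plaintext password storage, both have standard fixes. The following is an added example (not RockYou's code and not part of the original post) that combines parameterized queries with salted PBKDF2 password hashes; the table name, column names and sample accounts are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Hypothetical schema for illustration; not RockYou's actual tables.
SCHEMA = """CREATE TABLE account (
    userid   INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    salt     BLOB NOT NULL,
    pw_hash  BLOB NOT NULL)"""

ITERATIONS = 600_000  # work factor: makes each offline guess against a leaked row costly

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(db, username: str, password: str) -> None:
    salt = os.urandom(16)  # per-user salt: identical passwords yield different hashes
    # "?" placeholders keep user input out of the SQL text (no string concatenation).
    db.execute("INSERT INTO account (username, salt, pw_hash) VALUES (?, ?, ?)",
               (username, salt, _derive(password, salt)))

def verify(db, username: str, password: str) -> bool:
    row = db.execute("SELECT salt, pw_hash FROM account WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_derive(password, salt), stored)

def leaked_rows(db):
    # What a full table dump would expose if the database were read anyway.
    return db.execute("SELECT username, salt, pw_hash FROM account").fetchall()

def demo():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    # Constructed sample accounts sharing one password.
    register(db, "alice@example.com", "correct horse battery")
    register(db, "bob@example.com", "correct horse battery")
    return db

if __name__ == "__main__":
    db = demo()
    print(verify(db, "alice@example.com", "correct horse battery"))
    # A quote-bearing username is matched as literal data, not parsed as SQL.
    print(verify(db, "alice@example.com' OR '1'='1", "correct horse battery"))
```

Even if the table is dumped, each row holds only a salt and a derived hash, so the two accounts sharing a password cannot be linked by comparing rows.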


Source: http://igigi.baywords.com/rockyou-com-exposed-more-than-32-millions-of-passwords-in-plaintext/