RIAA website gets hacked by SQL injection

by Todd Ritter on January 21, 2008 at 08:30 PM

RIAA site hacked
Yesterday a Reddit user posted a link that supposedly runs a time-consuming SQL query on the RIAA'a website. Of course the Reddit community began trying to stick it to the RIAA, and eventually someone may have deleted all of the site's content by exploiting a poorly configured web/database server with an SQL injection attack.

The site appears to be operating fine now, but we noticed it certainly wasn't fine yesterday (and TorrentFreak has screenshots of the site, sans content). Is it ironic that the RIAA uses free open-source software (OSS) such as PHP to run their website while hunting down people who allegedly don't pay for music? You'd expect something more sinister, like Karl Rove hand typing HTML pages in a dimly lit sarcophagus or, at least MS SQL/IIS.

If only they spent more time working to save themselves from cross-site scripting attacks and SQL injection instead of going after college students for downloading "My Humps."

[Via TorrentFreak]

Tags: database, hacked, mysql, php, riaa