exploiting an unpatched vulnerability in phpmyadmin.
They had reluctantly provided access to phpmyadmin to the appdb developers (it is a very handy tool, and something they very much wanted). But it is a prime target for hackers, and apparently our best efforts at obscuring it and patching it were not sufficient.
Now they removed all access to the PhpMyAdmin from outside.
Still now, there is no harm to Database.Unfortunately, the attackers were able to download the full login database for both the appdb and bugzilla. This means that they have all
of those emails, as well as the passwords. The passwords are stored
as Encrypted(Hash), but with enough effort and depending on the quality of the
password, they can be cracked .
He afraid about the users information. The attacker can use those information and get access to the Users Account. So he planned to reset the password and send to the email user.
Security Tips from BreakTheSec:
- Don't Use the same password everywhere.(especially use different and secure password for gmail account and other important accounts)
- @WineHQ's users: If you use the same password anywhere else, Change it immediately.
