November 18, 2016
Hacker Kapustkiy just managed to break into another government website, this time in Italy where the target was the Dipartimento della Funzione Pubblica.
Specifically, using a simple SQL injection, Kapustkiy got access to a database of no less than 45,000 users, including login credentials for services being handled by Italian cities.
Kapustkiy took to Pastebin to share part of the database, saying that he decided to leak only 9,000 of the entries in order to give time to the Italian authorities to fix the security flaw.
The worst thing, however, is that Italian officials have until now ignored the hacker’s emails, and Kapustkiy told us that he already contacted the site’s administrators to tell them about the breach, but all his messages received absolutely no response.
“I did not get any response from them. I hope that they will look in the database now after this breach and make their security better,” he told us.
We’ve also reached out to the Italian ministry to ask for more information about the hack, but at the time of publishing this article, an answer is not yet available – we will update the post if an official statement is provided.
Other government breaches
Kapustkiy has been really busy lately, as he managed to break into several other government websites across the world, including the Paraguay Embassy of Taiwan. Furthermore, he also breached into sites belonging to the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya, leaking database information that includes the details of thousands of users, such as names, phone numbers, and emails.