MySQL.com falls to SQL injection attack
It must have been with the greatest sense of irony that a pair of hackers broke into MySQL.com over the weekend using an SQL injection attack. For those who are not familiar with the term, SQL injection denotes the execution of unauthorized SQL database commands, usually by exploiting improperly or insecurely designed web applications. In this instance, SearchSecurity reported that the hackers used a blind SQL injection, which meant that they figured out the pertinent database structure by a process of trial and error.
Though no other details were given about how they managed to perform the SQL injection in the first place, the hackers posted user names of the site's users as proof of their claims. In addition, the password hashes of related users were also compromised and posted online, with some of them cracked by now. As a precaution, users who have an account on MySQL.com are advised to change their passwords as soon as possible. Oracle, which gained MySQL through its acquisition of Sun Microsystems, says it is investigating the incident.
For more on this story:
- check out this article at Search Security
- check out this article at SC Magazine
- check out this article at Computerworld



