He contacted me via Twitter to report the data breaches, in the case of the Indian Embassy in New York he explained to have leaked only a small portion of stolen data that doesn’t include US personnel.
“Hi, Its me Kaputski, A few weeks ago I breached several websites that were related to the Indian ShitEmbassy. So I thought they will fix all the vulnerables in there domains and also look at there other domains that maybe could have a simple ”SQLi” vulnerable. So guess what? they did not look at all and only fixed some of there domains SMH……….” wroteKapustkiy.
“I’m tired to report all the errors that I find in there website that I decided to breach them, NOW FIX YOUR SECURITY FUCKING ADMINS! NOTE: There was also a table named ”Newyork_contact” which had 7000 entries. I didn’t leak that out of privacy of people. Also the table ”Newyork_registration” had also information like Address,City,zipcode,phone number” I only leaked this but it could be more.”.
The databases related to universities include users personal information such as names, login, passwords, phone and many other information of students and staff.
As you can see in same cases the passwords are stored in plain text.
Records belonging to the hacked embassy include also phone numbers, let me highlight once again that such kind of information is a precious commodity for nation-state hackers that intend to launch a spear phishing campaign against diplomats.
Kapustkiy explained to have leaked the data because the administrators of the targeted entities ignore his warning via email.
It is likely Kapustkiy exploited SQli injection flaws in the last string of data breaches.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.