A attacker of two websites has personal data of 315.000 Dutch via the internet be made public. This includes e-mail addresses, phone numbers, addresses, and password hashes.
The data are extracted from the databases of Beauty.nl and Recreatief.nl writes Security.nl. The attacker has the data in its entirety to the internet. Except for the mentioned data include user names and address information.
The nature of the data differs per database; so that of Recreatief.nl 27.000 password hashes, and 23,000 e-mail addresses, and that of Beauty.nl over 85,000 e-mail addresses. In addition, outdated the hacker the login of the ftp server Beauty.nl the login data for an additional database, with a further 200,000 e-mail addresses, and a number of logins for WordPress installations. Between the information found to also address Members of parliament.
It is likely that the data traced via sql-injection. Why the attacker the information is public has been made, is unknown. The spokesperson of the company behind Recreatief.nl and Beauty.nl was not reachable for comment.
Update, 15:56: Director Rob Kraaijenvanger of Crio, the company behind the sites, has reported to the police against the hacker. If the hacker when he had reported, had Kraaijenvanger not reported to the police, but because the information is now on the internet is placed, he does it well. Kraaijenvanger: “The leak has been plugged, we are now looking at how this could happen. We are very very impressed, and find it very annoying.”