Hacker hacked into HM Revenue and Customs,a UK tax collection website and leaks data


The hacker named #GAMEOVER has claimed to have hacked the major  UK websites on Saturday .The websites include the govt. websites like Number10.gov.uk, Data.gov.uk which is up and running nor any downtime was reported by any of the websites nor by the media.

But the hacker was successful in hacking into HM Revenue and Customs ,using a Blind SQL injection attack.The hacker  exploited the vulnerability in an application  using Blind SQL Injection. The Blind SQL injection attack asks the database true or false questions and determines the answer based on the application response

The hacker has posted personal and business information on the internet. The leaked data lists loads of information about the UK citizens like Full name, Post, Company name, Telephone, Email, Title , First name, surname, Address line 1, Address line 2 , Address line 3, Address line 4 , Address line 5, Postcode and Count.

The hacker has specifically leaked the data of the people working at the post of Account Directors, Account-Managers, Account co-ordinator, Account Assistants  working with some major companies like

  • loweworldwide.com,
  • thegrandunion.com,
  • mattersmedia.co.uk,
  • tmhtelemedia.co.uk,
  • wcrs.com,
  • teamsaatchi.co.uk,
  • ddblondon.com,
  • 23red.com,etc

The list is very detailed and has the information of 5703 accountant individuals of more than 100 companies chairing various positions in the major companies of UK. I cross checked the database by running simple search on LinkedIn and found every corporate information about the person , company and the position matching with  the leaked data.

And also HRMC,  is the only website in the UK  which needs to keep the data of the accountants of the companies. So I won’t be surprised if a news of data leakage from the HM Revenue & Customs is reported by the mainstream media.