NullCrew attacked car manufacturer Ford and took advantage of a SQL injection vulnerability in order to gain access to the databases behind the social.ford.com subdomain.
Because of the breach, database and table names, customer usernames, which in are in form of email addresses, and encrypted passwords ended up leaked.
In all, 18 credential sets published online and most of the affected individuals appear to work at an ad agency called Team Detroit.
While sometimes attackers claim credit for a breach and not really get anything, this time it seems like it is real because the information made available by the hackers doesn’t appear to show up anywhere else online.
“No confidential information was compromised by the incident,” said Scott Monty of Ford Global Digital Communications. “Our teams have been working on determining how this happened and have changed all site passwords as a precaution.”