A Foxconn website ended up hacked by an attacker that just wanted to show the electronics manufacturer had a lack of security.
The subdomain D35m0nd142, a hacker from Germany, penetrated was cq.foxconn.com, which belongs to the factory from Chongqing, China.
The hacker has exploited a Blind SQL Injection vulnerability to gain access to a database which contains, among other things, the details of users, including email addresses and passwords.
Prior attacks on Foxconn sites were for protests against poor working conditions. However, this is not the case. D35m0nd142 has contacted Foxconn to tell them about the vulnerability and has redacted all the sensitive information to make sure it can’t be misused.
“My attack hasn’t any malicious or political purposes, just a usual attack in order to retrieve bugs in a big website,” the hacker said.
Currently, users who try to access the cq.foxconn.com site need to enter a username and a password.
According to the hacker, users could gain access to the site without login credentials on Monday, so this might indicate Foxconn is working on addressing the issues.