The Anonymous attack on Armscor’s settlement system earlier this week is believed to have compromised data about Armscor suppliers, including their IDs, names and passwords.
According to an interview with Anonymous published in HackRead, the passwords would allow anyone to login to the system as a supplier or manager.
Worse, Anonymous reveals that Armscor has a number of bugs in its system that would allow anyone to open a settlement with just the supplier ID and no password.
Despite the gravity of the hack, and the possibility that suppliers’ information has been compromised, the hacker told HackRead that “simple SQL injection” was all that was required to breach Armscor’s settlement systems.
Data of close to 20 000 suppliers was retrieved in the attack, which also accessed invoicing and payment information.