DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

American Express vulnerable to attack, 2GB data potential

Posted on February 25, 2013 by Lee J

american-express-logo1 @TN_cyberarmy has just contacted us and other media sites announcing a exploit on the main American express website which allows access to data. The attack is on americanexpress.com and i can not disclose the vulnerable link but i can provide a simple proof of concept and i can confirm this is in fact exploitable and the said data is readable which totals over 2GB but so far has not been touched or leaked to my knowledge. On twitter @TN_cyberarmy has announced the following which gives insight that they might of downloaded the 2GB of data already. > #binGo #another @americanexpress website under attack with simpl injection we got over than 2 GB of data#tunisiancyberarmy — TunisianCyberArmy1(@TN_cyberarmy) February 23, 2013

Earlier they had made the first announcement that american express had been breached. > [#americanExpress](https://twitter.com/search/%23americanExpress) [#vul](https://twitter.com/search/%23vul) for simpl injection [#expect](https://twitter.com/search/%23expect) the [#bigest](https://twitter.com/search/%23bigest) data leak soonby [#tunisiancyberarmy](https://twitter.com/search/%23tunisiancyberarmy)@[hackread](https://twitter.com/hackread) @[thehackersnews](https://twitter.com/thehackersnews) @[ehackernews](https://twitter.com/ehackernews) — TunisianCyberArmy1(@TN_cyberarmy) [February 23, 2013](https://twitter.com/TN_cyberarmy/status/305346208661114881)

They have provided a screen cap of one of the exploit proof of concepts. amex> basic error as seen from the exploitable url.

Microsoft VBScript runtime error ‘800a0005’Invalid procedure call or argument: ‘mid’/shared/business_advantage/japan/include/scripts/scut.asp, line 38

The attack is not the first time American express has been targeted by hackers but it is one of the first times it has been exposed as having such exploits. It also adds another name to the list of high profile targets that have been attacked by various hackers so far this month.

Related posts:

  • 1749 French based Sites Defaced by CwGhost.
  • Operation Islam v Operation Israel Results
  • 1,355 Indian websites Hacked by hax.r00t n saadi Pakistani hackers
  • 1300+ Sites hacked by Vicky-Cyber
Category: Breach Incidents

Post navigation

← Electronic’s Giant CASIO Hacked, 140,000 Credentials Leaked
UK: Council launches investigation following sensitive data breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.