New WHID web hacking incidents

From: Ofer Shezaf <>
To: Bugtraq <>
Subject: New WHID web hacking incidents

After a way too long negligence, I am updating again the Web Hacking
Incidents Database (WHID). I hope to close the gap shortly in order to be
able to issue the WHID 2008 report. One of the obstacle facing WHID was a
lack of proper content management system forcing me to edit a lot of HTML to
add every new incident. WHID now moved to a proper (though admittedly less
secure) system and the new address is The new
system allows you to join in and comment and discuss the incidents.

The first incidents reports for 2009 are:
* WHID 2009-2: Prominent Twitter accounts hacked
* WHID 2009-1: Gaza conflict cyber war (

Other incidents of interest added recently to WHID:
* WHID 2008-43: Russian nuclear power web sites attacked amid accident
* WHID 2008-36: RBS WorldPay Data Breach Hits 1.5 Million
* And lastly, the big TJX hack, that finally got into WHID as new reports
suggest that web hacking also had a role in it, WHID 2007-89: The big TJX

~ Ofer

Ofer Shezaf, +972-54-4431119

Founder,, Proactive Web Application Security,
Chairman, OWASP Israel 
Leader, WASC Web Hacking Incidents Database Project

Copyright © 1995-2019 All rights reserved.