A hacker who goes by the nickname 1×0123 revealed that he found an SQL injection flaw on one of the servers of Mossack Fonseca, the Panamanian law firm at the center of the massive data leak known as.
The hacker revealed the bug last Saturday, saying he found it in Mossack Fonseca’s custom online payment system called, putting some of the server’s configuration data inside a Paste.ee file.
1×0123 also posted a screenshot of the email he sent to Mossack Fonseca's staff, informing them of the issue.
Mossack Fonseca is probably too busy to answer him, since the firm is still recovering from last week's massive leak, in which over 2.6 TB of internal documents, emails, and other files were exposed by a team of international reporters.
1×0123 discovered numerous flaws in other services
Exploring 1×0123's Twitter timeline, it's pretty clear that he's a grey hat hacker: someone who breaks into servers (which is illegal) but also notifies the affected companies that they've been hacked and provides details of the vulnerability (which is the responsible part).
Before notifying Mossack Fonseca, the same hacker told Edward Snowden about a blind XSS (cross-site scripting) flaw in the Piwik self-hosted analytics service used on the Freedom of the Press Foundation website, a project the US whistleblower is involved with. A blind XSS flaw is one whose injected script runs in a back-end page the attacker never sees (here, the analytics dashboard), so it is usually confirmed through an out-of-band callback rather than by observing the page directly. Snowden thanked him personally in a tweet on Sunday.
Other companies to which he reported, or tried to report, bugs include NASA, Telegram, SourceForge, and the New York Times.
From his tweets, 1×0123 appears to be the same person who went after the LA Times dashboard last week after exploiting a vulnerability in the Advanced XML Reader WordPress plugin.
Additionally, screenshots on the hacker's profile suggest that he may also have access to tens of thousands of user accounts, complete with plaintext passwords, belonging to the adult site Naughty America.
private — 1×0123 (@1×0123)
Thanks to for reporting a piwik vulnerability to ! Great work. Got a bug report? Please contact with details. — Edward Snowden (@Snowden)
.com wordpress plugin vulnerability escalation to upload shell on server + take over domains. — 1×0123 (@1×0123)
can you DM? — 1×0123 (@1×0123)