A threat actor has allegedly compromised the major Taiwanese news outlet, United Daily News (UDN), and is offering access to its databases for sale on a dark web forum. UDN is one of the largest media conglomerates in Taiwan, founded in 1951, making this a significant potential security incident impacting a key institution in the region. The seller claims to have gained access via an SQL injection vulnerability, a common web application attack vector.
The threat actor provided a list of 19 databases they allegedly control, suggesting a wide-ranging breach across the media group’s digital infrastructure. The names of the databases imply that sensitive information could be at risk, including data related to political news and national elections. The potential exposure of such information could have serious implications for the privacy of individuals and the security of journalistic sources.
The list of allegedly compromised databases includes:
- act_backend
- bracket
- election2020
- election2024
- esg_survey
- event
- event_api
- event_backend
- fantasy
- health_wiki
- information_schema
- mysql
- nba_backend_2020
- pagespeed
- performance_schema
- politics
- retire
- sys
- utravel
