In early March 2021, Ars Technica reported (see the following callout) that 70 GB of data was supposedly stolen from the infamous social media platform Gab. This data included passwords and other user data, private messages, and more. The reason: the code was vulnerable to SQL injection. This allowed an anonymous attacker to access and download this vast amount of data and to make it available to selected researchers.
Note: See http://mng.bz/gwAE for the initial report, and http://mng.bz/5QOB for more details on the programming mistake.
SQL stands for “Structured Query Language” and was invented in the 1970s as a language for communicating with a relational database, among other things to read data from it and write data to it. Even the creators (Donald D. Chamberlin and Raymond F. Boyce) probably could not imagine back then that their brainchild would still be in use almost 50 years later. It was certainly far from everyone’s imagination that websites would send user input to a web server, where it would be put into SQL queries that would then be executed against a database.