SQL Injection Attack on Pekalongan City’s UMKM Portal Leaks Sensitive Data on Breach Forums

A critical security breach targeting Pekalongan City's government website "katalis.pekalongankota.go.id" has exposed sensitive population and business-related data. The threat actor responsible reportedly exploited a SQL Injection vulnerability, leaking large amounts of data onto Breach Forums, one of the most notorious platforms for sharing breached databases.

Image 1.1 File uploaded by the threat actor containing the database dump and target vulnerability

The vulnerable domain, designed to support local small and medium enterprises (UMKM), was exploited using SQLMap or manual SQL injection techniques. This allowed the attacker to bypass security controls and gain access to sensitive backend data. The leaked records include numerous fields that could be linked to individuals and their businesses, presenting a high risk of identity theft, fraud, and unauthorized data exploitation.

The exposed fields likely accessed by the threat actor, based on the nature of the domain and the leaked sample data observed on Breach Forums, include: id_umkm, nik, email, merek, no_hp, alamat, satuan, website, kode_pos, lat_umkm, lon_umkm, kecamatan, kelurahan, nama_umkm, created_at, updated_at, status_umkm, bentuk_usaha, jenis_medsos, nama_pemilik, jenis_kelamin, nilai_produksi, nilai_investasi, nama_akun_medsos, bidang_usaha, kbli, tenaga_kerja_pria, kapasitas_produksi, tenaga_kerja_wanita.

The database, designed to handle UMKM-related activities, holds critical information that, when leaked, can lead to significant consequences. Fields such as nik (National Identification Number), email, and phone number (no_hp) are particularly sensitive, posing risks like identity theft and fraudulent activities. Additionally, business-related data, including nama_umkm (business name), merek (brand), and nilai_investasi (investment value), could be exploited by malicious actors for financial gain or targeted phishing attacks.

Adding to the severity of the breach, the leaked data was shared via a cloud file hosting service, Mediafire, making it easily accessible to anyone with the download link. This distribution method has increased the risk of widespread misuse, as downloading and redistributing the data requires minimal effort and no advanced technical knowledge.

Cybersecurity experts warn that SQL injection remains one of the most prevalent attack methods due to its effectiveness against poorly secured databases. By exploiting input fields and injecting malicious SQL queries, attackers can extract, modify, or even delete sensitive records.

Immediate response actions are critical to mitigating further damage, including conducting vulnerability scans, patching SQL injection vulnerabilities, and enforcing stricter input validation mechanisms. The breach serves as another reminder for government entities to enhance their cybersecurity infrastructure, particularly when dealing with sensitive citizen and business data.
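To make the "input validation" point concrete, here is an added example (not code from the article or from the affected portal) that contrasts a lookup built by string concatenation with its parameterised fix, using a constructed in-memory table whose column names are borrowed from the leaked field list above. The table, rows and function names are assumptions made for the illustration; no data from the breach is used.

```python
import sqlite3

# Constructed sample rows using a few column names from the leaked field list.
# The values are invented and do not come from the breach.
SAMPLE_ROWS = [
    (1, "3326000000000001", "Batik Sekar", "Siti", "081200000001"),
    (2, "3326000000000002", "Kopi Kota", "Budi", "081200000002"),
    (3, "3326000000000003", "Roti Lezat", "Ani", "081200000003"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database with a minimal umkm table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE umkm (id_umkm INTEGER PRIMARY KEY, nik TEXT, "
        "nama_umkm TEXT, nama_pemilik TEXT, no_hp TEXT)"
    )
    conn.executemany("INSERT INTO umkm VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def find_umkm_vulnerable(conn, nama_umkm: str) -> list:
    """Vulnerable pattern: the request value is spliced into the SQL text,
    so a value containing quotes can rewrite the WHERE clause."""
    query = (
        "SELECT id_umkm, nik, nama_umkm FROM umkm "
        f"WHERE nama_umkm = '{nama_umkm}'"
    )
    return conn.execute(query).fetchall()


def find_umkm_safe(conn, nama_umkm: str) -> list:
    """Fixed pattern: a parameterised query sends the value separately from
    the SQL text, so it is only ever compared as data, never parsed as SQL."""
    query = "SELECT id_umkm, nik, nama_umkm FROM umkm WHERE nama_umkm = ?"
    return conn.execute(query, (nama_umkm,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    # A textbook tautology string, of the kind a scanner sends during testing.
    probe = "' OR '1'='1"
    print("vulnerable:", len(find_umkm_vulnerable(db, probe)), "rows")  # 3
    print("safe:", len(find_umkm_safe(db, probe)), "rows")  # 0
```

A legitimate business name returns the same single row from both functions; only the malformed value behaves differently, which is the check a code reviewer or scanner finding should reproduce before a fix is signed off.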
