

LogMeIn and DocuSign investigate email breach - nikcub
http://krebsonsecurity.com/2012/12/logmein-docusign-investigate-breach-claims/

======
nikcub
I have seen something similar before, and left a comment with a theory on what
has happened here[0].

There is an SQL statement with a user-provided LIKE comparator value that is
returning email address which isn't being filtered properly. The attackers take
advantage of this by running a set of dictionary words against it with %,
e.g. logmein% will return all emails containing 'logmein'.

[0] [http://krebsonsecurity.com/2012/12/logmein-docusign-investig...](http://krebsonsecurity.com/2012/12/logmein-docusign-investigate-breach-claims/comment-page-1/#comment-134384)
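
The class of bug the comment above theorizes about, as an added example that is not part of the original comment or the linked article: a bound parameter passed to LIKE still has its `%` and `_` treated as wildcards unless they are escaped. The `subscribers` table, the sample addresses and the function names are constructed for illustration; SQLite is used only so the example runs offline.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (email TEXT)")
    db.executemany(
        "INSERT INTO subscribers VALUES (?)",
        [("alice@example.com",), ("logmein.7f3a@example.org",),
         ("logmein_bob@example.net",), ("carol@example.com",)],
    )
    return db

def lookup_unfiltered(db, value):
    # Parameter binding prevents SQL injection, but % and _ inside the
    # bound value are still interpreted as LIKE wildcards.
    rows = db.execute(
        "SELECT email FROM subscribers WHERE email LIKE ? ORDER BY email",
        (value,))
    return [r[0] for r in rows]

def escape_like(value, esc="\\"):
    # Escape the escape character first, then both LIKE wildcards.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def lookup_escaped(db, value):
    # With ESCAPE, wildcards in the value match only themselves.
    rows = db.execute(
        "SELECT email FROM subscribers WHERE email LIKE ? ESCAPE '\\' "
        "ORDER BY email",
        (escape_like(value),))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    print("unfiltered:", lookup_unfiltered(db, "logmein%"))
    print("escaped:   ", lookup_escaped(db, "logmein%"))
```

If the lookup is meant to match one exact address, comparing with `=` instead of LIKE removes the wildcard handling altogether.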

