On December 17th 2018 “Qurlla,” the original founder of New World Hackers, announced a hack of the website belonging to the International Airport of Atlanta, leading to the leak of approximately 764 passports online. In a press release on Twitter, Qurlla explains how he was able to compromise the airports website via SQL injection through one of the sites web pages, though the specific URL effected and payload delivered were not disclosed to the public.
In statements to Rogue Media Labs, Qurlla explained that he found the vulnerability while “testing the security of the Atlanta Airport.” Explaining how “the website was vulnerable to SQL injection and their WAF wasn’t good enough to prevent the attack.” Adding that he might not have “fully downloaded the file from the database properly though,” but “they never patched the vulnerability, so if I try again to get root access I’d probably deface the site.” Qurlla says that despite tagging the airport in the hack/leak, officials have never responded to or tried to touch base with him about the incident.
One of the most active and influential groups in late 2016 and early 2017, New World Hackers is well known inside various hacking circles. However, after going dark for a brief time it appears as though the group is ready to make a comeback. In fact, when asked this very question, if the group is preparing to make a comeback, Qurlla responded “Yes, we are dumping databases, a variety of accounts and cracking tools. Not to mention social engineering methods to get free products xDD.” New World Hackers officially launched a new website on November 17th 2018, featuring various forums, data dumps/leaks and an online chatroom, access to which you can find here: https://newworldhackers.com
Website Effected: hxxps://www.atl.com/
Passport Database Download (617.57 KB): https://anonfile.com/6fSeW3nfbe/Passport764_pdf
Example of Hacked/Leaked Data: