Cyber Incident Victim: National-Socialist Party of Canada

On February 13, 2014, a hacker operating under the alias @SQLiNairb publicly disclosed a breach of the National-Socialist Party of Canada's official website (https://nspcanada.nfshost.com/). The attacker exploited a basic GET-based MySQL injection vulnerability to extract data from the organization's databases. Five databases were compromised: nspcanada, wordpress, wordpress2, mysql, and db_meinkampf_en. The initial leak consisted of a partial data dump posted to Pastebin, accompanied by the message "Racists, fascists, and hate-mongers beware, nairb is here ;)". Shortly afterward, the hacker released the complete dataset through MirrorCreator, containing credentials for 1,356 user accounts with email addresses, administrative credentials without associated emails, and MySQL credentials with encrypted passwords. Personal information exposed included usernames, email addresses, and plaintext passwords.

The breach exposed sensitive authentication details of the organization's members and administrators, though the website's publicly accessible content was described as containing "nothing important." No remediation efforts by the National-Socialist Party of Canada were documented in available records. The attacker explicitly framed the operation as targeting hate groups, with the Pastebin statement serving as ideological justification. The full data release expanded the potential misuse of credentials beyond the initial partial disclosure. No information exists regarding detection methods, containment measures, or post-incident responses from the affected organization or impacted individuals. The compromised MySQL credentials created additional risks of unauthorized database access, though the scope of any subsequent system exploitation remains unverified.