A hacker claims to have breached the systems of an organization that helps Americans obtain Russian visas.
The Russian Visa Center, which has five locations in the U.S., was allegedly hacked by a hacker who spoke with The Daily Caller. He claimed to have obtained the information of around 3,000 individuals. The hacker, a 17-year-old known as Kapustkiy, told the news site, “I used [a] simple SQL Injection to get access to [their] site. I have reported the vulnerable [sic] already by the administrator and CERT.”
CERT, or US-CERT – is Homeland Security’s Computer Emergency Readiness Team, an organization that analyzes and responds to cyber threats on the night of the hack.
The young hacker, who claims to be part of group called New World Hackers, also told TheDC that he has no plans to leak the information to the public at large.
“I did it to let them understand the consequence of a databreach,” he said, “I have contacted them about this, to let them know what could happen when a Black Hat Hacker would hack them.”
Kapustkiy also shared the info he obtained with BuzzFeed and described himself as an ethical hacker who finds vulnerabilities in various websites.
“I want administrators to secure their things better and understand the consequence of a data breach,” he said in a Twitter direct message.
BuzzFeed News claims to have contacted numerous people on the list proved to them by Kapustkiy. At least five confirmed that they had applied for Russian visas.
Run by an American company called Invisa Travel Logistics, the Russian Visa Center helps Americans secure necessary travel documents to Russia, including setting up appointments for applicants to meet with Russian consulate officials. An attorney for the center, John Shoreman, told the news site that it was likely the appointment scheduling system that was targeted.
“The security services are saying that the visa website itself was not hacked, but the calendar may very well be the subject of a hacking,” he said. “ILS shares a calendar of appointments with the consulate office of the Russian embassy and apparently that’s where these 3,000 names came from, it came from a calendar of appointments.”
Shoreman also said that the center – which has operations in Washington, New York, San Francisco, Seattle, and Houston – is in the process of contacting users affected by the data breach and they will be advised to change their email passwords. It is also in the process of notifying the FBI and Homeland Security.
The Russian Visa Center has not yet responded to a request for comment on this story from FoxNews.com.