An SQL query is a request for some action to be performed on a database, most commonly on a web page that asks for a username or password. But since most websites don’t monitor inputs other than usernames and passwords, a hacker can use the input boxes to send their own requests – that is, inject SQL into the database. This way, hackers can create, read, update, alter or delete data stored in the back-end database, usually to access sensitive information such as social security numbers and credit card data as well as other financial information.
Since a SQL injection attack can affect any website or web app that uses an SQL-based database, it’s one of the oldest, most prevalent, and most dangerous forms of cyber-attacks out there. Even more troubling, SQL injections are on the rise now that there are automated SQL injection programs, meaning hackers can attack and steal more now than ever before.
Unfortunately, if an attacker has any talent, it’s impossible to detect an SQL injection attack until your data has been made available to the public and/or the theft has already happened. This is especially true for most users who have no way of knowing if the database they’re signing into has been compromised.
Since an SQL injection attack affects websites rather than users’ computers or devices, removing an SQL injection is the responsibility of the website or web app. For the individual, the only safeguard is to be attentive to the news and be on the lookout if a company has announced that their security has been compromised, so they can quickly change their login information before their accounts can be hacked.