(also Structured Query Language injection, SQLi)
SQL injection is a cyberattack that uses malicious SQL code to manipulate a database and access sensitive information.
In 2009, three hackers stole 130 million credit card numbers using a SQL injection attack. Targeted companies included 7-Eleven, Hannaford Brothers, and Heartland Payment Systems.
In 2012, a hacker group Team GhostShell stole and published personal data of students, faculty, employees, and alumni from 53 universities using an SQL injection. Targets included Harvard, Princeton, Stanford, Cornell, and Johns Hopkins.