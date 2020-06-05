https://www.itnews.com.au/news/email-from-haveibeenpwned-wipes-helpdesk-tickets-548916

Recreational vehicle app developer QB8 LLC had signed up for the free HIBP messages to check for compromised accounts on its fyre.io domain.

When a message from HIBP arrived to QB8's helpdesk address after a recent data breach, it was automatically turned into a ticket in the company's tech support system, the open source

Gestionnaire Libre de Parc Informatique (GLPI) version 9.4.5.

The QB8 techs read the HIBP report, checked the data and alerted users to the breaches.

After that, the ticket was assigned to one particular technician, and marked as solved.

By assigning the ticket to a particular team member, the GLPI system parsed the ";--" characters in the header of the HBPI email, and interpreted it as a Structured Query Language database command that deleted data in the helpdesk system.