As one of several types of cybersecurity breach, an SQL injection (SQLI) is a type of attack that exploits weaknesses in the database management software of unsecure websites in order to get the website to spit out information from the database that it’s really not supposed to release.
Here’s how it works: A cybercriminal enters malicious code into the search field of a retail site, for example, where customers normally enter searches for things like “top rated wireless headphones” or “best-selling sneakers.” Instead of returning with a list of headphones or sneakers, the website will give the hacker a list of customers and their credit card numbers.
View Breach for more.