Search This Blog

Showing posts with label Davy Jones Hacker. Show all posts

United Nations High Commissioner for Refugees in Sri Lanka website (UNHCR.lk) hacked


The hacker known as Davy Jones who hacked Top Sri Lankan websites, has come with another hacking attack.  Today, he breached the United Nations High Commissioner for Refugees in Sri Lanka website .

UNHCR is the refugee agency of the United Nations. In Sri Lanka, UNHCR works to protect and assist people displaced by the conflict within the country - internally displaced people (IDPs) - as well as those returning to their homes in the north and east.  UNHCR is also assisting Sri Lankan refugees returning from India and a small number of the asylum-seekers and refugees from other countries

The hacker has compromised the database server belong to UNHCR.lk and leaked the stolen data in the Pastebin(pastebin.com/5UaZ6XgB).

The dump contains the data from the table called 'admin login fail backup details' that contains password and email address.

The dump also contains the username and password of the administrator account.  Even though the password of the admin is hashed with MD5,  the password('admin') is very simple to Guess for a normal user also.

Recently, the hacker also claimed that he ddosed Colombo Stock Exchange(cse.lk) for few hours against corruption of Sri Lankan government.

Srilankan President Mahinda rajapaksha theatre Lotuspond site hacked


The hacker with online handle "Davy jones" has claimed to have hacked the Srilankan President Mahinda rajapaksha theatre Lotuspond website(lotuspond.lk)

The hacker breached the database server and leaked the compromised data in pastebin(pastebin.com/zUZ29Lnd)

The dump contains database details, admin user name , email address and hashed password.

The hacker also claimed to have hacked few Tv channel database and extracted more than 8000 email ids and passwords.(pastebin.com/mHCTDRQW)

Recently, the same hacker breached the server of Sri lankan Port authority website and defaced it.  He also hacked the two famous Sri Lankan Tv Channel websites namely Rupavahini TV and One SriLanka.


*Update*:
The hacker also hacked into the official website of the Board of Investment of Sri Lanka (investsrilanka.com) and leaked the data.

Sri Lanka Ports Authority(SLPA) website hacked by Davy Jones

A Hacker called himself as Davy Jones hacked into the official website of Sri Lanka Ports Authority (SLPA.lk) and uploaded the defacement page in the site.

Sri Lanka Ports Authority (also abbreviated SLPA) is a government agency responsible for the development and maintenance of all commercial ports in Sri Lanka.

The Defacement page

The main page is not affected by the defacement. The hacker simply uploaded a html file "deface3.html" in the upload folder of Admin(slpa.lk/admin/upload/deface3.html)

The hacker recently breached the two famous Sri Lankan Tv Channel websites namely Rupavahini TV and One SriLanka.

Recently a hacker with online handle "Game over" has defaced Sri Lankan National Security Media Centre website.

Sri Lanka Rupavahini TV and One SriLanka sites hacked by Davy jones


One of the Famous Sri Lankan TV Channel Rupavahini's official website (rupavahini.lk) has been hacked by a hacker named as Davy Jones.

In a pastebin post(pastebin.com/4j5bP9Qn), the hacker claimed that he hacked Rupavahini tv channel database server and leaked the database.

The paste contains database details and few credentials stolen from the target server which includes administrator username, email id, and password hash with salt.

The hacker uploaded the dump of the database in mediafire and posted in the same paste. The dump contains the .CSV files that contain the same data posted in the pastebin.


The hacker also claimed to have hacked the website belong to "One SriLanka"(onesrilanka.tv). The hacker as extracted all data with 1000 email ids and passwords and posted in a Paste(pastebin.com/ynLPDxbP)

According to Intruder statement(, most of the passwords match to email login also. So malicious hacker can use those email addresses for sending mails to anyone.

The paste contains a mediafire download link that contains the dump compromised from the One SriLanka tv website.  One of the .CSV files has the name, email address, username and hashed passwords.

Few days back, he also hacked into Sri Lanka Bureau of Foreign Employment website(slbfe.lk) and leaked the database(pastebin.com/V9ddGkrD). The leak contains few login credentials including the admin id and password.