According to the him, there is a SQLi vulnerability on the official website of navy (www.navy.mil.ph). The SQL injection flaw allows the hacker to dump the usernames and passwords on a single query.
http://www.navy.mil.ph/alcaraz/blog_full.php?news_id=-1012 UNION SELECT 1,2,3,4,group_concat(username,0x3a,password),6,7,8,9,10,11,12,13,14 from tbl_users–
The leak includes user’s email addresses, usernames and encrypted passwords reaching up to more than 50+ lines.
In a separate post, Pre hacker has also leaked the tables of the same database.