Wow... that was close. Imagine if someone could hack into a military website and steal passwords, he could gain access to sensitive data and resources... and maybe remotely command or send false data within the British Navy's network ? Never know. The way it is hacked is via the SQL injection. Every programmer knows the risk of SQL injection and it such stupid risks should have not existed since there have been lots of given techniques to prevent it. It should have occurred but it occurred - an attack via SQL injection. What a shame of the British Navy. I guess they may have ran out of budget to engage a professional and instead, engaged some script kiddy ?