Telegraph website hack exposes 700,000 subscriber details

UK newspaper The Telegraph compromised by Romanian hacking group.

National UK daily newspaper The Telegraph was compromised by Romanian hacking group, Hackersblog late last week.

The self-confessed ethical hacker group posted information and screen shots that detailed its SQL injection hack which revealed "full access to all the databases of this famous newspaper".

A HackersBlog blogger, going by the name of Unu, said the compromise exposed much of the Telegraph's database, including about 700,000 subscriber email addresses as well as their passwords in clear text.

In a statement on the Telegraph's website, Paul Cheesbrough, chief information officer for Telegraph Media Group, said the hack probed database tables behind one of its partner sites, search.property.telegraph.co.uk, and "exposed a weakness in the way that particular site had been coded."

"The problem being highlighted does not affect the main telegraph.co.uk site, as some of our competitors are reporting," said Cheesbrough.

"The Telegraph Media Group does take anything that potentially compromises the security of our site and the data that we hold extremely seriously," he added.

"We immediately took the impacted site down on Friday, and the two-year-old third party code is being re-written to eliminate the issues that hackersblog.org brought to our attention."

Cheesbrough went so far as to thank the team at hackersblog.org for bringing these issues to his attention. "We've listened, and we're working with the partner site to sort out the cause of the problem."

Rik Ferguson, solutions architect at Trend Micro, wrote on the company's security blog that affected people should change their password on that and perhaps other sites. "Recently published research showed that 61 percent of people use the same password for multiple sites, so this kind of compromise represents real risk for many people."

Ferguson offered tips for maintaining password security online. "Choose three complex passwords, easy to remember but difficult to guess, use a combination of numbers, upper and lower case letter and special characters like !£$@&," he wrote.

"Use the first password as a general one for the majority of sites that require passwords to login. The second password, use for your email account and only your email account, that way, should your email be compromised, you do not have to worry about your other services. Finally use the third password for any websites that could have financial consequences," he said.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Siobhan Chapman

Computerworld UK
Topics: hack
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?