ARN

Telegraph website hack exposes 700,000 subscriber details

UK newspaper The Telegraph compromised by Romanian hacking group.

National UK daily newspaper The Telegraph was compromised by Romanian hacking group, Hackersblog late last week.

The self-confessed ethical hacker group posted information and screen shots that detailed its SQL injection hack which revealed "full access to all the databases of this famous newspaper".

A HackersBlog blogger, going by the name of Unu, said the compromise exposed much of the Telegraph's database, including about 700,000 subscriber email addresses as well as their passwords in clear text.

In a statement on the Telegraph's website, Paul Cheesbrough, chief information officer for Telegraph Media Group, said the hack probed database tables behind one of its partner sites, search.property.telegraph.co.uk, and "exposed a weakness in the way that particular site had been coded."

"The problem being highlighted does not affect the main telegraph.co.uk site, as some of our competitors are reporting," said Cheesbrough.

"The Telegraph Media Group does take anything that potentially compromises the security of our site and the data that we hold extremely seriously," he added.

"We immediately took the impacted site down on Friday, and the two-year-old third party code is being re-written to eliminate the issues that hackersblog.org brought to our attention."

Cheesbrough went so far as to thank the team at hackersblog.org for bringing these issues to his attention. "We've listened, and we're working with the partner site to sort out the cause of the problem."

Rik Ferguson, solutions architect at Trend Micro, wrote on the company's security blog that affected people should change their password on that and perhaps other sites. "Recently published research showed that 61 percent of people use the same password for multiple sites, so this kind of compromise represents real risk for many people."

Ferguson offered tips for maintaining password security online. "Choose three complex passwords, easy to remember but difficult to guess, use a combination of numbers, upper and lower case letter and special characters like !£$@&," he wrote.

"Use the first password as a general one for the majority of sites that require passwords to login. The second password, use for your email account and only your email account, that way, should your email be compromised, you do not have to worry about your other services. Finally use the third password for any websites that could have financial consequences," he said.