Well, it looks like the folks over at hackersblog have been at it again, specifically Unu.
The SQL injection appears to lay bare much of the database, unfortunately including hundreds of thousands of subscriber email addresses and more worryingly, passwords in clear text.
Recently published research showed that 61% of people use the same password for multiple sites, so this kind of compromise represents real risk for many people.
Of course I contacted the Telegraph as soon as this compromise came to my attention and I am sure they are working hard on a resolution.
UPDATE: The people at the Telegraph reacted in a commendably timely fashion to this incident, which is detailed here.
In the meantime, it you are a Telegraph subscriber and are concerned about the safety of any other online accounts you may have I would encourage you to change your passwords on those other accounts, and of course on the Telegraph web site.
Here are a few tips for maintaining password security online.
- Choose three complex passwords, easy to remember but difficult to guess, us a combination of numbers, upper and lower case letter and special characters like !£$@&. (Trend Micro’s advice on password creation is available in our Safe Computing Guide).
- Use the first password as a general one for the majority of sites that require passwords to login. The second password, use for your email account and only your email account, that way, should other servies be compromised, you do not have to worry about your email account. Finally use the third password for any websites that could have financial consequences.
- These passwords should never be shared and should be changed at least every six months.
- Finally, for those of you out there hosting web sites that hold other people’s data, have a look at the guidelines in my earlier bog entry about Spotify…