UK Telegraph web site compromised

Well, it looks like the folks over at hackersblog have been at it again, specifically Unu.

 

Hackersblog have made some high profile web site compromises recently and today they posted evidence that they had compromised the website of the UK national daily newspaper, The Telegraph.

 

 

The SQL injection appears to lay bare much of the database, unfortunately including hundreds of thousands of subscriber email addresses and more worryingly, passwords in clear text.

 

Recently published research showed that 61% of people use the same password for multiple sites, so this kind of compromise represents real risk for many people.

 

Of course I contacted the Telegraph as soon as this compromise came to my attention and I am sure they are working hard on a resolution.

 

UPDATE: The people at the Telegraph reacted in a commendably timely fashion to this incident, which is detailed here.

 

In the meantime, if you are a Telegraph subscriber and are concerned about the safety of any other online accounts you may have, I would encourage you to change your passwords on those other accounts, and of course on the Telegraph web site.

 

Here are a few tips for maintaining password security online.

 

  • Choose three complex passwords that are easy to remember but difficult to guess. Use a combination of numbers, upper and lower case letters and special characters like !£$@&. (Trend Micro’s advice on password creation is available in our Safe Computing Guide.)

 

  • Use the first password as a general one for the majority of sites that require passwords to log in. Use the second password for your email account and only your email account; that way, should other services be compromised, you do not have to worry about your email account. Finally, use the third password for any websites that could have financial consequences.

 

  • These passwords should never be shared and should be changed at least every six months.

 

  • Finally, for those of you out there hosting web sites that hold other people’s data, have a look at the guidelines in my earlier blog entry about Spotify…

16 thoughts on “UK Telegraph web site compromised”

  1. Pingback: Daily Telegraph web site compromised, hackers claim | Richard Hartley

  2. Pingback: HackersBlog » Blog Archive » Telegraph.co.uk hacked - when will they learn?

  3. Pingback: +++ Telegraph Users Passwords and Emails Hacked +++ - Guy Fawkes' blog

  4. Boris Yeltsin

    You write:
    Use the first password as a general one for the majority of sites that require passwords to login. The second password, use for your email account and only your email account, that way, should your email be compromised, you do not have to worry about your other services.

    DOH. If your email account is compromised, then why shouldn’t “they” go through your email, find your “sign up” emails and go back to all of those sites asking for passwords to be reset, or to be emailed the password or whatever?

    No, get a simple encryption app to protect a database of different passwords. It should be secured using a master password that is not used anywhere else. Use a virus/trojan scanner if you’re using Windows so you don’t get keylogged. Use Steel for Mac, or KeyPass for Windows.

    1. Rik Ferguson Post author

      Heh, nice observation Boris as regards webmail accounts, my recommendation would certainly be to use a local client to store historical mails, especially those containing sensitive information, rather than leaving them in your online account.

      I like the idea of encrypting your passwords locally, but I don’t completely understand how that would protect your credentials from being guessed, brute-forced, socially engineered or simply given away….

      The other downside to using a locally encrypted password database is of course the fact that you are no longer as mobile (with logins) as you otherwise would be.

      Having said that, the email account is always the holy grail of anyone trying to gain illicit access to any service online and should be protected with a very secure, difficult to guess password.

  5. Pingback: Telegraph site attacked, claim hackers

  6. Pingback: Telegraph site attacked, claim hackers | PTC07NEWS

  7. Pingback: Hackersblog and Telegraph.co.uk | News in brief

  8. Pingback: Telegraph.co.uk hacked | Developer Oracles

  9. Simon

    “and more worryingly, passwords in clear text”

    What’s more worrying about that is that the passwords have been stored in a way that this could happen. If they used the standard one way encryption like MD5, they would only ever appear as jargon.

  10. Pingback: Telegraph site attacked, claim hackers : SupaFeed

  11. Pingback: Hackers claim attack over Daily Telegraph web site | Digital Prank

  12. Pingback: Daily Telegraph web site compromised, hackers claim by Dinters Technology News

  13. Pingback: HackersBlog » Blog Archive » Telegraph.co.uk hacked, sql injection
