Telegraph hack exposes subscriber details
Self proclaimed ethical hackers' group, Hackersblog, used an SQL injection attack to access the Telegraph's website.
The group posted information and screen shots that detailed its SQL injection hack which revealed "full access to all the databases of this famous newspaper".
A member of the group, going by the name of Unu, said the compromise exposed much of the Telegraph's database. This included about 700,000 subscriber email addresses as well as their passwords in clear text.
Paul Cheesbrough, the chief information officer for Telegraph Media Group, said the hack probed database tables behind one of its partner sites - search.property.telegraph.co.uk. The hackers had then "exposed a weakness in the way that particular site had been coded."
"The problem being highlighted does not affect the main telegraph.co.uk site, as some of our competitors are reporting," said Cheesbrough.
"The Telegraph Media Group does take anything that potentially compromises the security of our site and the data that we hold extremely seriously," he added.
"We immediately took the impacted site down on Friday, and the two-year-old third party code is being re-written to eliminate the issues that hackersblog.org brought to our attention."
Cheesbrough even thanked the team at hackersblog.org for bringing these issues to his attention. He stated: "We've listened, and we're working with the partner site to sort out the cause of the problem."
No responsibility can be taken for the content of external Internet sites.
Return to internet news headlines
View Internet News Archive