The Tech Herald

The Guardian: Up to half a million users may have been compromised

by Steve Ragan - Oct 26 2009, 21:16

The Guardian says that up to half a million users may have been compromised

According to the latest information, The Guardian has contacted up to half a million users of its UK Jobs portal to inform them that their personal information might be at risk. The risk stems from what is being called a deliberate and sophisticated crime, “of which the Guardian is a victim in addition to some of our users,” the news agency reported.

On Friday evening, The Guardian was alerted to a security breach of its UK Jobs portal. The technical details of the attack and all related information are being withheld, but on Saturday the news agency said that its provider, Madgex, confirmed the portal was secure. The US Jobs portal was not impacted by the security breach.

In accordance with the Information Commissioner’s guidance on data protection, The Guardian said that they have identified and contacted, or attempted to contact, everyone who may be at risk.

“The police remain anxious to keep information about the apparent theft to a minimum, in order not to compromise their investigations, but did agree with us that we could inform those users who may be affected. We stress our regret that this breach has occurred. This is apparently a deliberate and sophisticated crime, of which the Guardian is a victim in addition to some of our users. We are continuing to work closely with our service provider and the police, who are undertaking a full investigation through the central e-crime unit at New Scotland Yard. Please continue to visit this site for regular updates,” said The Guardian in a statement.

While the idea is pure speculation, in the past, attacks on job portals have led to phishing attacks that are personal in nature, as was the case with or Ireland’s

"Although top Web sites have been - and continue to be - targeted by cybercriminals, those sites that store identity information will continue to be a primary target, especially now that criminal hackers are being affected by the economic situation we all find ourselves in," said Yuval Ben Itzhak, Finjan's chief technology officer.

"Usually, cybercriminals are using this type of stolen data to create fake identities, as well as generating spam plus Phishing attacks, as well as many other scams. Auctioning stolen identity information is another technique that our researchers have spotted. It's also worth noting that the Guardian portal is not alone in being attacked by cybercriminals, as other US job sites have also been hit using this hacker methodology," he added.

Securing Web applications with web application firewalls and securing the backend database with database security tools, he explained, are a logical way to prepare to defend those IT resources that contain personal and business data.

Another security vendor, Imperva, said that SQL Injection flaws might well be the cause for The Guardian’s attack over the weekend, mirroring Itzhak’s note that securing Web applications is highly important for businesses.

Amichai Shulman, Imperva's chief technology officer, said that the most eye-catching feature of the site hack is the use of the phrase 'sophisticated and deliberate attack.'

"Our experience shows that 'sophisticated attack' is usually a pseudonym for 'SQL Injection', although I must admit that an initial glimpse into the site hints that it may actually be a more sophisticated hack than the usual. At the end of the day, however, I don't think that it's much more than SQL Injection, sophisticated or otherwise," he said.

"If it were a Trojan based attack then they would have stated it by now and used a different wording like 'hackers who managed to break into the Guardian network.'"

According to Shulman, if, as seems likely, an SQL injection attack was to blame for the Guardian site hack, then tagging it as 'sophisticated' might be a bit misleading, though not uncommon. Organizations, he explained, have a tendency in such attacks to attach superlatives to the attack techniques used in a compromise in order to diminish their responsibility.

"The only positive thing one can say is that the Guardian is not itself to blame," Shulman noted. At the same time, "This is small comfort to site users, however, who will now be worried about identity theft issues," he added.

The Guardian will update their information page as new developments warrant.

