The Guardian: Up to half a million users may have been compromised

The Guardian says that up to half a million users may have been compromised

According to the latest information, The Guardian has contacted up to half a million users of its UK Jobs portal to inform them that their personal information might be at risk. The risk stems from what is being called a deliberate and sophisticated crime, “of which the Guardian is a victim in addition to some of our users,” the news agency reported.

On Friday evening, The Guardian was alerted of a security breach to their UK Jobs portal. The technical details of the attack and all related information are being withheld, but on Saturday the news agency said that their provider, Madgex, confirmed the portal was secure. The US Jobs portal was not impacted by the security breach.

In accordance with the Information Commissioner’s guidance on data protection, The Guardian said that they have identified and contacted, or attempted to contact, everyone who may be at risk.

“The police remain anxious to keep information about the apparent theft to a minimum, in order not to compromise their investigations, but did agree with us that we could inform those users who may be affected. We stress our regret that this breach has occurred. This is apparently a deliberate and sophisticated crime, of which the Guardian is a victim in addition to some of our users. We are continuing to work closely with our service provider and the police, who are undertaking a full investigation through the central e-crime unit at New Scotland Yard. Please continue to visit this site for regular updates,” said The Guardian in a statement.

While the idea is pure speculation, in the past, attacks on Job portals have led to Phishing attacks that are personal in nature, as was the case with Monster.com or Ireland’s Jobs.ie.

"Although top Web sites have been - and continue to be - targeted by cybercriminals, those sites that store identity information will continue to a primary target, especially now that criminal hackers are being affected by the economic situation we all find ourselves in," said Yuval Ben Itzhak, Finjan's chief technology officer.

"Usually, cybercriminals are using this type of stolen data to create fake identities, as well as generating spam plus Phishing attacks, as well as many other scams. Auctioning stolen identity information is another technique that our researchers have spotted. It's also worth noting that Guardian portal is not alone in being attacked by cybercriminals, as other US job sites have also been hit using this hacker methodology," he added.

Securing Web applications using web application firewalls and securing the backend database using database security tools, he explained, are a logical course of preparing to defend those IT resources that contain personal and business data.

Another security vendor, Imperva, said that SQL Injection flaws might well be the cause for The Guardian’s attack over the weekend, mirroring Itzhak’s note that securing Web applications is highly important for businesses.

Amichai Shulman, Imperva's chief technology officer, said that the most eye-catching feature of the site hack is the use of the phrase `sophisticated and deliberate attack.'

"Our experience shows that `sophisticated attack' is usually a pseudonym for `SQL Injection', although I must admit that an initial glimpse into the site hints that it may actually be a more sophisticated hack than the usual. At the end of the day, however, I don't think that it's much more than SQL Injection, sophisticated or otherwise," he said.

"If it were a Trojan based attack then they would have stated it by now and used a different wording like `hackers who managed to break into the Guardian network."

According to Shulman, if, as seems likely, an SQL injection attack was to blame for the Guardian site hack, then tagging it as `sophisticated' might be a bit misleading, though not uncommon. Organizations, he explained, have a tendency in such attacks to attach superlatives to the attack techniques used in a compromise in order to diminish from their responsibility.

"The only positive thing one can say is that the Guardian is not itself to blame," Shulman noted. At the same time, "This is small comfort to site users, however, who will now be worried about identity theft issues," he added.

The Guardian will update their information page as new developments warrant. You can view that here.


 

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

Awesome Stuff Made Out Of Car Parts

An awesome picture has started doing the rounds showing a bathroom with sinks made out of car tires and faucets created from gas pumps. It’s the ideal bathroom for any discerning car nut. That got us thinking — what other stuff is there made out of car parts and car paraphernalia. Here are some of the coolest […]

Range Rover Evoque Convertible Confirmed

Land Rover has officially confirmed that the Range Rover Evoque Convertible will go on sale in 2016. The company released some publicity photos showing a prototype of the Evoque Convertible driving through train tunnels under construction in London. The company says use of the Crossrail tunnels let them test the convertible in privacy. A Land […]

Mercedes-AMG GT3 Racing Car to Debut at Geneva Motor Show

The company says the standard Mercedes-AMG GT already provides the ideal base for the race model, with low centre of gravity, good weight distribution and wide track width.The driver sits on a carbon-fibre seat pan and is protected by a roll-over cage made from high-tensile steel.The engine cover, doors, front wing, sidewalls, side skirts, diffuser, […]

Lamborghini Aventador Wallpaper

Lamborghini Aventador wallpaper for your desktop or mobile device. The Aventador LP 700–4  has a 6.5 liter V12 that will go 0–60 mph in  2.9 seconds and take you all the way to 220mph and maybe beyond.Each image links to a page with multiple sizes of wallpaper you can download.

Man Makes Tiny Edible Pancakes with Tiny Kitchen Tools (Video)

This Japanese guy cooks up some pancakes…nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!

What Color is this Dress?

White and Gold or Blue and Black?
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in the photo is probably causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a university in the UK told the BBC that it was impossible to see what other people see but that it […]

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

McLaren 675LT Wallpaper

Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]