Feeds

Sun compo entrants' privates exposed in public

Hacker posts Pastebin pasting

Top 5 reasons to deploy VMware with Tegile

Security lapses at News International have exposed the email addresses and other personal information of readers who entered competitions in The Sun, the UK's biggest selling daily newspaper.

The names, addresses, phone numbers and dates of birth of thousands of people were also exposed by the hack, reckoned to have probably taken place at the same time that The Sun's website was hacked last month to redirect surfers towards a fictitious story on the supposed death of media mogul Rupert Murdoch.

Some of the data, including applications for the Miss Scotland beauty contest, has already been posted online. Entrants to a Wrigleys football competition, an Xbox competition, details of royal wedding well-wishers, and information from a forum for bullied people was also uploaded to Pastebin, The Guardian reports.

The data was uploaded by an individual called Batteye, who praised the actions of Anonymous as a whole and LulzSec, the hacktivist sub-group that returned from semi-retirement to carry out the 19 July Sun redirection hack. His rationale for exposing the private data of individuals in order to get at News Corp can be found here.

News International, publishers of The Sun and the firm currently in the middle of an ongoing phone and (now) computer hacking scandal, is reportedly going to contact affected individuals directly. Meanwhile the firm has reported the breach to both the police and the Information Commissioner, the BBC reports.

Miscreants could use the stolen information to mount targeting phishing scams. Neither financial information or passwords were exposed by the breach. Even so, News International ought to have encrypted personal data it holds, according to security firms, who said that the newspaper publisher had fallen well short of best practice.

"What this incident illustrates yet again is that consumer brands that we entrust our personal details must take their responsibilities much more seriously," said Mike Smart, EMEA product and solutions director at SafeNet. "While News International acknowledges financial details are secure as you would expect, the loss of so much unencrypted soft social data on names, addresses, emails and dates of birth offers a delicious feast of possibilities for scammers and spear-phishers."

Smart added: "With how their brand and reputation for trust has been so severely shaken, investing in proven and workable countermeasures like encryption to protect their readers seems an obvious step for News International to take." ®

Beginner's guide to SSL certificates

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?