Feeds

Sun compo entrants' privates exposed in public

Hacker posts Pastebin pasting

Securing Web Applications Made Simple and Scalable

Security lapses at News International have exposed the email addresses and other personal information of readers who entered competitions in The Sun, the UK's biggest selling daily newspaper.

The names, addresses, phone numbers and dates of birth of thousands of people were also exposed by the hack, reckoned to have probably taken place at the same time that The Sun's website was hacked last month to redirect surfers towards a fictitious story on the supposed death of media mogul Rupert Murdoch.

Some of the data, including applications for the Miss Scotland beauty contest, has already been posted online. Entrants to a Wrigleys football competition, an Xbox competition, details of royal wedding well-wishers, and information from a forum for bullied people was also uploaded to Pastebin, The Guardian reports.

The data was uploaded by an individual called Batteye, who praised the actions of Anonymous as a whole and LulzSec, the hacktivist sub-group that returned from semi-retirement to carry out the 19 July Sun redirection hack. His rationale for exposing the private data of individuals in order to get at News Corp can be found here.

News International, publishers of The Sun and the firm currently in the middle of an ongoing phone and (now) computer hacking scandal, is reportedly going to contact affected individuals directly. Meanwhile the firm has reported the breach to both the police and the Information Commissioner, the BBC reports.

Miscreants could use the stolen information to mount targeting phishing scams. Neither financial information or passwords were exposed by the breach. Even so, News International ought to have encrypted personal data it holds, according to security firms, who said that the newspaper publisher had fallen well short of best practice.

"What this incident illustrates yet again is that consumer brands that we entrust our personal details must take their responsibilities much more seriously," said Mike Smart, EMEA product and solutions director at SafeNet. "While News International acknowledges financial details are secure as you would expect, the loss of so much unencrypted soft social data on names, addresses, emails and dates of birth offers a delicious feast of possibilities for scammers and spear-phishers."

Smart added: "With how their brand and reputation for trust has been so severely shaken, investing in proven and workable countermeasures like encryption to protect their readers seems an obvious step for News International to take." ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.