The UK newspaper business must be wondering what’s going on these days. Only a few weeks after the News of the World was forced to shut up shop for good amongst phone hacking scandals, it’s now been reported that The Sun has suffered a serious breach of security with details of customers stolen and re-published elsewhere on the web.
It is claimed that thousands of people who entered competitions on the The Sun’s official website have been contacted by the newspaper to warn them that their personal information may have been stolen. Apparently the data was copied from The Sun’s database when their site was hacked into on 19th July of this year. Some information has been found already posted online, including applications for the “Miss Scotland” competition. The Sun has said in a statement that the matter has been reported to the police and the Information Commissioner.
Unfortunately for The Sun, there is very little they can do to rescue this situation. Once details have been removed and copied, it can change hands very quickly, so apart from issuing an apology to those affected, their hands will be tied, even though they say they are working with the authorities to resolve the matter. They [The Sun] have said they will be contacting all customers affected.
Data stolen appears to be information including names, addresses, dates of birth, email addresses and phone numbers. Although no financial data has been stolen (apparently), the information taken could be used in attempts at identity theft. With unscrupulous people looking at ways to capture this kind of information in bulk, the database is sure to attract the attention of many criminals online.
It has been suggested that a sample of the data stolen has already been posted on Pastebin, which is a popular document sharing website. Once there, it will be in the public forum where it may be copied to many other sites. Fortunately there has been no suggestion that the entire database has been posted yet. No doubt The Sun, and its publisher, News Group, will be watching with baited breath to see if the database crops up anywhere. They will of course be hoping the damage can be limited to only a small section of data.
It appears that the data was stolen at the same time The Sun’s website was hacked into and defaced in July. Hacktivist group “Lulz” has been linked to the attack, when Lulz Security (LulzSec) claimed responsibility for it. At the time it appeared that the damage was limited to vandalism, but now it’s possible the situation could be much worse. In July, Lulz posted a bogus story on The Sun’s site claiming that Rupert Murdoch had died. At the same time, those using the site to enter competitions were redirected to another bogus site that was capturing user information.
It is thought that the data stolen from the site could go back as far as two years, and that will leave users of The Sun’s website wondering why their personal information was being stored for so long.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.