Saturday 21 October 2017

Racing Post hit by cyber attack

Oliver Duggan

The Racing Post website has come under a "sophisticated, sustained and aggressive" cyber attack.

Hackers accessed a database owned by the betting news website which contained the private information of "hundreds of thousands" of users.

People with profiles on the site were told that their full names, encrypted passwords, and email and residential addresses could have been stolen.

The company warned readers in an email: "Our site was the subject of a sophisticated, sustained and aggressive attack, in which one of our databases was accessed and customer details were stolen.

"Customer credit and debit card details are not stored on the site and have therefore not been accessed and are not at risk. The information at risk from the database that was compromised will vary in the case of each customer, depending on how much information you gave us when you registered."

"It includes: usernames, first and last names, encrypted passwords, email and customer addresses and date of birth."

Racing Post confirmed in an subsequent email sent to affected users that "a number of customer accounts were accessed".

The email said: "Although all the passwords are encrypted, we believe that there is still a chance that some passwords can be deciphered. As yours is one of the accounts involved, there is a risk of identity theft."

Racing Post editor Bruce Millington said: "It's certainly a six-figure number that have been effected, we're talking about hundreds of thousands of people.

"Security is an area we take extremely seriously and our website has not been compromised previously. As soon as we were aware of the situation we did everything in our power to halt the breach.

"As part of our efforts to resolve the issue, we have turned off the ability to register / log-on to racingpost.com. We are extremely sorry that this unfortunate incident has occurred. We believe it may be part of a wider attack on a number of companies."

He added that they expected the site to be fully operational within a few days and confirmed the relevant authorities has been contacted.

Lloyd Brough, cyber incident response director at NCC Group, said: "This breach has shown that even those organisations who operate in risk aware markets such as sports betting can still become victims of cyber compromise.

"However, Racing Post should be commended for quickly disclosing the extent of the breach, the information that was taken and disabling account functions.

"The future potential implications from this compromise include phishing attacks via e-mail in order to obtain further sensitive data from the victims. Users who have used the same username and password combinations elsewhere are also under greater threat as the criminals could use the stolen details to access other accounts."

Online Editors

Also in Business