The Telegraph Media Group has thanked hackers for highlighting
the vulnerability of one of its partner websites.
Hackersblog, which has exposed vulnerabilities in
several prominent websites, claimed that all databases at the
Telegraph were vulnerable to SQL injection attack.
The blog posting said hundreds of thousands of subscriber e-mails
and passwords could be accessed using this simple attack
method.
Paul Cheesbrough, chief information officer for Telegraph Media
Group, said in a statement that the hack had exposed a weakness
only in partner site search.property.telegraph.co.uk.
"The problem being highlighted does not affect the main
telegraph.co.uk site," he said.
According to Cheesbrough, the affected site was closed down
immediately to revise the two-year-old third-party code to
eliminate the issues that Hackersblog identified.
"Hackers are rarely embraced as being friends, but in this
instance it is important to thank the team at Hackersblog for
bringing these issues to our attention," he said.
Rik Ferguson, a senior security advisor at Trend Micro, said
this kind of compromise represents a real risk for many people as
recently published research shows that 61% of people use the same
password for multiple sites.
According to Ferguson, users of online services can improve
personal security by choosing three complex passwords.
These passwords should be easy to remember, but difficult to
guess and should use a combination of numbers, upper and lower case
letters and special characters, he said in a blog posting.
The first password should be used as a general one for the
majority of sites that require passwords to log in. The second
password should be used for e-mail only.
"That way, should your e-mail be compromised, you do not have to
worry about your other services," he said.
The third password should be used for any websites that could
have financial consequences, and all three should be changed at
least every six months, said Ferguson.