TechTarget

Racing Post warns users of website breach

The Racing Post is advising users of its website to change their passwords for other sites if they use the same one in case hackers break the encryption.


The company has promised to adopt "stringent" new measures to prevent a repeat of the weekend security breach on its website racingpost.com.

The Racing Post said its website was hit by a "sophisticated, sustained and aggressive" attack that compromised a database containing customer details including usernames and encrypted passwords.

The company said the risk will vary according to how much information users gave when they registered, but that no credit or debit card details are at risk.

“Betting through the site with our partner bookmakers has at all times been unaffected as this activity takes place directly with the bookmaker,” the company said in a statement on its website.

The Racing Post said it has turned off the ability to register or log in to racingpost.com, making the site safe to use.

Racing Post editor Bruce Millington said the attack may be part of a wider attack on a number of companies.

Lloyd Brough, cyber incident response director at information assurance firm NCC Group, said the attack appears to be a common web application vulnerability that was exploited to compromise the database.

“While it is positive Racing Post has been quick to disclose the breach, providing further technical details on what type of 'encryption' was used for the passwords would have helped further inform technical users,” he said.

According to Brough, organisations often claim to use encryption when in fact they are hashing passwords with algorithms such as MD5, without salts or iteration counts.

“If this is the case then it is little better than using unencrypted passwords due to the trivial nature of recovering them,” he said.
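The distinction Brough draws, shown as an added example (not code from the article or from Racing Post): a single unsalted MD5 pass beside a salted, iterated PBKDF2 record, with an upgrade-on-login path for legacy records. The record format, the function names and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware
PREFIX = "pbkdf2_sha256$"  # constructed record format, not from the article

def legacy_md5(password: str) -> str:
    """Single unsalted MD5 pass: same password always gives the same digest."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """PBKDF2-HMAC-SHA256 with a random per-user salt and stored iteration count."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{PREFIX}{iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Check a password against either record type with a constant-time compare."""
    if record.startswith(PREFIX):
        _, iters, salt_hex, dk_hex = record.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    return hmac.compare_digest(legacy_md5(password).encode(), record.encode())

def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True for legacy MD5 records and for PBKDF2 records below the current count."""
    if not record.startswith(PREFIX):
        return True
    return int(record.split("$")[1]) < iterations

def login(password: str, record: str) -> tuple[bool, str]:
    """Verify, and on success return an upgraded record if the stored one is weak."""
    if not verify_password(password, record):
        return False, record
    return True, hash_password(password) if needs_rehash(record) else record

if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    print(legacy_md5("password") == legacy_md5("password"))        # identical digests
    print(hash_password("password") != hash_password("password"))  # salts differ
    print(login("password", legacy_md5("password")))               # upgraded record
```

Because the salt and iteration count are stored in each record, the work factor can be raised later and older records are re-hashed the next time their owner logs in.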
