Telegraph Media Group thanks hackers for highlighting website vulnerability

Hackersblog, which has exposed vulnerabilities in several prominent websites, claims databases at The Telegraph are vulnerable to SQL injection attack

The Telegraph Media Group has thanked hackers for highlighting the vulnerability of one of its partner websites.

Hackersblog, which has exposed vulnerabilities in several prominent websites, claimed that all databases at the Telegraph were vulnerable to SQL injection attack.

The blog post said hundreds of thousands of subscriber e-mails and passwords could be accessed using this simple attack method.

Paul Cheesbrough, chief information officer for Telegraph Media Group, said in a statement that the hack had exposed a weakness only in partner site

"The problem being highlighted does not affect the main site," he said.

According to Cheesbrough, the affected site was closed down immediately to revise the two-year-old third-party code to eliminate the issues that Hackersblog identified.

"Hackers are rarely embraced as being friends, but in this instance it is important to thank the team at Hackersblog for bringing these issues to our attention," he said.

Rik Ferguson, a senior security advisor at Trend Micro, said this kind of compromise represents a real risk for many people as recently published research shows that 61% of people use the same password for multiple sites.

According to Ferguson, users of online services can improve personal security by choosing three complex passwords.

These passwords should be easy to remember, but difficult to guess and should use a combination of numbers, upper and lower case letters and special characters, he said in a blog post.

The first password should be used as general one for the majority of sites that require passwords to login. The second password should be used for e-mail only.

"That way, should your e-mail be compromised, you do not have to worry about your other services," he said.

The third password should be used for any websites that could have financial consequences, and all three should be changed at least every six months, said Ferguson.

Read more on Hackers and cybercrime prevention