Sophisticated Attack Compromised The Guardian’s UK Jobs Website
The Guardian informed almost half a million of its UK-based job website users through e-mails that "a sophisticated and deliberate attack", which hit the site on the night of October 23, 2009, might have compromised some of their personal data.
A security notice was later on posted by The Guardian on its jobs website. The notice stated that the supplier who operates the website has recognized the mode in which it has been hacked, and appropriate steps have been taken to prevent a recurrence.
Though, it is a mere speculation, attacks on job portals in the past have resulted in phishing attacks which were personal in nature, like in the case of Monster.com and Ireland's Jobs.ie. Hackers have previously hunted recruitment sites like Monster.com to acquire data for spear phishing attacks or ID Fraud, i.e. personalized e-mail scams.
Yuval Ben Itzhak, chief technology officer at website security solutions provider Finjan, said that although renowned websites have been and will continue to be the favorite and easy target for the cyber criminals, hackers will continue to target sites that specifically contain identity information, as reported by The Tech Herald on October 26, 2009.
Yuval further added that along with various other scams, cybercriminals often use stolen data to develop fake identities as well as to generate phishing attacks and spam. Researchers have identified that auctioning stolen identity information is yet another practice popular among hackers. Through this hacker methodology not only the Guardian portal, but various other US jobs websites have been severely hit by cyber crooks.
According to a Guardian spokesperson, around 10 Million unique users get registered with the site every year. He told that the hack was clogged before its culmination. Technical details along with the related information about the attack are being withheld.
The spokesperson added that as soon as the website was informed of the problem, immediate action as taken due to support from the information commissioner, who gave guidance on data protection. As the site considered that transparency must be maintained with its users, it decided to alert them immediately.
Related article: Substantial Growth in Organized Cybercrime in 2008
» SPAMfighter News - 06-11-2009