Horse betting site loses passwords
Network intrusion; Stolen credentials; User accounts compromised
News and gambling portal Racingpost.com is notifying customers through email of a “sophisticated, sustained and aggressive attack” on a site database that compromised account details.
“Although all the passwords are encrypted, we believe that there is still a chance that some passwords can be deciphered. As yours is one of the accounts involved, there is a risk of identity theft,” the email states.
Racingpost says the site does not store credit card details and those were not taken.
Cyber researcher Graham Cluley adds, “As has become worryingly common with notifications of password database breaches, no details are shared by the Racing Post about the nature of the encryption used in the database or – most importantly – whether the passwords were salted and hashed to prevent easy decryption by hackers.”
A notice on the site states the incident occurred on Friday and Saturday. The data at risk varies for each victim, depending on how much information the customer supplied when registering. The details affected include usernames, first and last names, passwords, email and mailing addresses, and birthdates.
ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.
November 25, 2013
Link to report
location of breach
location of perpetrators
date breach occurred
2013, between Nov. 22 and Nov. 23
date breach detected