Threatwatch

Horse betting site loses passwords

Network intrusion; Stolen credentials; User accounts compromised

News and gambling portal Racingpost.com is notifying customers through email of a “sophisticated, sustained and aggressive attack” on a site database that compromised account details.

“Although all the passwords are encrypted, we believe that there is still a chance that some passwords can be deciphered. As yours is one of the accounts involved, there is a risk of identity theft,” the email states.

Racingpost says the site does not store credit card details and those were not taken.

Cyber researcher Graham Cluley adds, “As has become worryingly common with notifications of password database breaches, no details are shared by the Racing Post about the nature of the encryption used in the database or – most importantly – whether the passwords were salted and hashed to prevent easy decryption by hackers.”

A notice on the site states the incident occurred on Friday and Saturday. The data at risk varies for each victim, depending on how much information the customer supplied when registering. The details affected include usernames, first and last names, passwords, email and mailing addresses, and birthdates. 

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.

sector

Entertainment

reported

November 25, 2013

reported by

The Register

number affected

Unknown

location of breach

Unknown

perpetrators

Unknown

location of perpetrators

Unknown

date breach occurred

2013, between Nov. 22 and Nov. 23

date breach detected

Unknown