Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The details of half a million web users could be at risk after hackers used a sophisticated attack to penetrate the security of The Guardian's Jobs web pages.
The newspaper was quick to respond to the breach, and users of the site whose details were thought to have been compromised were emailed with a warning and information about what had happened.
"We have been assured by our provider that the system is now secure and we have identified and contacted everyone who may have been affected," said the company in a security update.
A later statement said that around 500,000 of the site's 10.4 million users could have had their data compromised. The paper added that it had contacted the Information Commissioner's Office in the UK, as it should, and is working with Scotland Yard's e-crime unit to resolve the issue.
"The police remain anxious to keep information about the apparent theft to a minimum in order not to compromise their investigations, but did agree with us that we could inform those users who may be affected," read the statement.
"We stress our regret that this breach has occurred. This is apparently a deliberate and sophisticated crime, of which The Guardian is a victim in addition to some of our users."
Patrik Runald, senior manager at security firm Websense, urged users of the jobs site to be cautious about their data for some weeks to come, suggesting that the criminals could use the information to build up a sophisticated social attack over a period of time.
"The bad guys having access to personal information about the target makes it possible to create a very attractive and believable email that will have a high likelihood of tricking the recipient into clicking on a link or running an attachment," he said.
"We advise anyone who has received notification from The Guardian that their personal data has been compromised to take extra care over the next few weeks, both at home and at work."
Phil Jevans, chief executive at Iron Key and chairman of the Anti-Phishing Working Group, went further, explaining that the hack signalled the death of old methods of online security and paved the way for more secure alternatives.
"The attack on the Guardian Jobs web site demonstrates why the days of a username, email address and password being sufficient to protect your data on the internet are over," he said, adding that two-factor authentication is the best available method for providers and businesses alike.
"We need these protections for online services that are accessed by consumers, and for cloud computing services that companies are beginning to outsource their data services to," he explained.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.