Australia: 13,000+ User Accounts Leaked From Fairfax Media Because…. SQLi
I knew if I waited a day, Lee Johnstone would analyze the data and make some sense of it for us. 🙂 RiskBasedSecurity reports:
It’s become cliche for news articles about data breaches to begin with: “hardly a day goes by without a new headline announcing yet another data breach”. Today, RBS’ researchers discovered that a publisher of those very same breach headlines have, themselves, been the target of hackers. Two Australian-based news websites, The Sydney Morning Herald and The Age Digital Editions, have been hacked and as a result, over 13,000 email subscriber accounts have been leaked online.
The two targeted sites are owned and operated by Fairfax Media, one of the largest media outlets in Australia and New Zealand. Data from two sites was posted online shortly before midnight (in Sydney) on May 18th. At first glance, this data appeared to come from a subscriber email list. RBS researchers contacted the party responsible for the leak and were able to confirm that the data is, indeed, an email list from a database utilized by both websites.
Read more on RiskBasedSecurity. As of this morning, the data dump, which I had downloaded yesterday, appears to have been removed from siph0n.in. Of course, that doesn’t mean it’s not been mirrored or stored elsewhere.