The Sun is the biggest selling newspaper in the UK, and famous for some truly scything political headlines over the years. Today the Rupert Murdoch owned red top tabloid finds itself on the wrong side of the headline writing tracks after it admitted that reader data may be at risk following a security breach.
According to The Guardian , News International has sent emails to "thousands of people to warn them" that their personal details may have been compromised if they entered competitions and polls on the official Sun newspaper website.
The director of customer data for News International, Chris Duncan, has sent those emails and states that the breach took place on the 19th July when The Sun appeared to publish a story that Rupert Murdoch was dead. In fact, LulzSec claimed responsibility for hacking the Sun site and planting that story.
Now News International is saying that some customer information was breached, although in the email Duncan insists that "no financial or password information was compromised". That said, names, addresses, dates of birth, email and telephone number data was accessed.
That data has now been published by someone claiming no affiliation with LulzSec, which is confusing as it was that hacking group which certainly did claim responsibility for the breach itself. How Batteye, the hacker in question, got hold of the data is unknown at the time of writing. What is known is what Batteye says himself when talking about the leaked Sun information he warns he will "continue by exposing the world for what it is; a less than perfect place where we cannot trust those who we ask to protect our information".
"Cybercriminals will be rubbing their hands in glee at getting hold of data such as names, email addresses, dates of birth and phone numbers," said Graham Cluley , senior technology consultant at Sophos. "The stolen information can be used to target innocent individuals. For instance, a scammer could email a beauty contest applicant, trick them into believing that it was the newspaper contacting them and attempt to steal money or further information."
Mike Smart, a Director at SafeNet, added that "while News International acknowledges financial details are secure as you would expect, the loss of so much unencrypted soft social data on names, addresses, emails and date of birth offers a delicious feast of possibilities for scammers and spear-phishers. With how their brand and reputation for trust has been so severely shaken, investing in proven and workable countermeasures like encryption to protect their readers seems an obvious step for News International to take".
I'm a hacker turned writer and consultant, specialising in IT security. I've been a freelance word punk for over 20 years and along the way I have seen 23 of my books published, produced and presented programmes for TV and radio, picked up a bunch of awards and continue being a contributing editor with PC Pro - the best selling IT magazine in the UK .
As a writer on all things IT security related, but also someone with a political mindset which is most certainly not aligned with that of the Murdoch media empire (despite, or perhaps because of, writing for them myself many years ago) I feel somewhat conflicted about this story. Part of me is sad for the people whose data has been compromised, part of me is happy for Murdoch to take another blow to his business sphericals.