The HackersBlog crew, who had previously exposed vulnerabilities in a number of security vendor sites and a social networking site, now reports that they were able to exploit an SQL injection vulnerability to access The Telegraph’s databases, including one that has 700,000 email addresses and passwords of those receiving the paper’s newsletter. Given how many people continue to use the same password for multiple purposes, Telegraph readers who signed up might want to use this as a wake up call to change their passwords on other accounts. The blog points to a Trend Micro
blog entry by Rik Ferguson for advice on passwords.
So far, I do not see any acknowledgment or mention of the hack on The Telegraph’s site.