Personal details of around half a million users of Guardian’s UK jobs websites may have been compromised in a hacking attack this weekend.
The Guardian claimed that a sophisticated and deliberate hack was halted in mid hack and the site was secure, but advised users to contact their credit reference agency and UK prevention service Cifas to ensure their personal information had not been breached.
Patrik Runald, senior manager of Websense’s security labs, advised users to be extra vigilant over the next few weeks: What we’ve seen happen before, in similar breaches, is that the individuals who had their data stolen have become targets of highly targeted attacks. With the bad guys having access to personal information about the target, it’s makes it possible to create a very attractive and believable email that will have a high likelihood to trick the recipient into click on a link/run the attachment, said Runald.
The compromised data included names, email addresses, covering letters and CVs, according to the Guardian, but it was confident that financial or bank data had not been accessed. The Metropolitan Police’s e-crime unit is investigating the crime.
Finjan chief technology officer Yuval Ben Itzhak warned that these type of websites are primary targets for cybercriminals looking to assemble identity theft kits.
Usually, cybercriminals are using this type of stolen data to create fake identities, as well as generating spam plus phishing attacks, as well as many other scams. Auctioning stolen identity information is another technique that our researchers have spotted. It’s also worth noting that Guardian portal is not alone in being attacked by cybercriminals, as other US job sites have also been hit using this hacker methodology, said Itzhak.