Modernizing Authentication — What It Takes to Transform Secure Access
The horse racing site Racing Post recently announced that it was hit by a "sophisticated, sustained and aggressive attack on Friday and Saturday, in which one of our databases was accessed and customer details were stolen" (h/t The Register).
What data was potentially accessed depends on what information was provided by each customer, but can include full names, user names, encrypted passwords, e-mail addresses, mailing addresses and birthdates. Because credit and debit card information is not stored on the site, the company says that data is not at risk.
All customers are being advised by e-mail to change their passwords on other sites if they've reused the password they used at RacingPost.com.
"Security is an area we take extremely seriously and our Web site has not been compromised previously," Racing Post editor Bruce Millington said in a statement. "As soon as we were aware of the situation we did everything in our power to halt the breach. As part of our efforts to resolve the issue, we have turned off the ability to register/log-on to racingpost.com."https://l1.cdn.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
According to The Register, the e-mail to customers includes the following statement: "Please be assured that we are currently reviewing all of our security measures and will put in place even stronger protection to stop this happening again. Extensive changes have already been made overnight with the assistance of industry-leading cyber-security experts."