The Telegraph provides a 10 TB database of subscriber information

Posted on

The Telegraph, one of the UK’s largest newspapers and online media outlets, leaked 10TB of data after improperly backing up one of their databases.

The exposed information includes internal logs, full subscriber names, email addresses, device information, URL requests, IP addresses, authentication tokens, and unique reader identifiers.

Bob Diachenko, the researcher who discovered the unprotected record on September 14, 2021, has confirmed that at least 1,200 unencrypted contacts were accessible without a password at the time of his review.

In particular, many of these cases involve Apple News subscriber registration information, including passwords in clear text.

The newspaper was immediately contacted and warned of the reveal, but it was two days before it finally responded and backed up the database.

The instance was indexed in specialized search engines on September 1, 2021, so that the exposure duration is at least three weeks. This is enough time for attackers and automated scanners to find the exposed database and exfiltrate the data it contains.

Affects only a subset of subscribers

For those of you who may have been exposed as a result of this data leak, the main risk is that you will be scammed or phished via email.

The leakage of the URL requests can also pose a privacy risk as someone could use them to create the users’ browsing history on the messaging platform.

As for the ramifications for The Telegraph, stolen access tokens could be used by non-subscribers to access content that is locked behind the paywall, but they could resolve this with a reset. According to this statement, the number of people affected is 600, which is less than what Daichenko saw exposed. The Telegraph also states that none of them run the risk of exploitation as Diachenko was the first and last person to access the sensitive record. As a precaution, if you are a subscriber to The Telegraph, we recommend that you reset your password and be vigilant of unsolicited emails that make bold claims or ask you to take urgent steps to secure your account.

News Source

Leave a Reply

Your email address will not be published. Required fields are marked *