Daily Telegraph third-party website hacked and defaced

Only the site's Short Breaks and Wine And Dine sections were hacked, according to The Guardian.

Both sections of the site were replaced with a picture of a Romanian flag claiming to be for the "Romanian National Security" and comments in Romanian.

The only English text said, "Guess what, gypsies aren't romanians, morons." It also linked to a Russian site that plays a sound recording called The Lonely Shepherd.

A Telegraph Media Group spokesperson said: "There was an incident of attempted sabotage on a third-party-hosted TMG site. This was picked up by our daily security scans and remedied shortly after and so no damage was done. TMG takes the security of the website and all third-party sites extremely seriously."

The attack comes just over a year after another partner website of the Telegraph Media Group was hacked, exposing the e-mail addresses of registered users on part of the site.

Hackersblog, which has exposed vulnerabilities in several prominent websites, claimed all databases at the Telegraph were vulnerable to SQL injection attack.

The blog posting said hundreds of thousands of subscriber e-mails and passwords could be accessed using this simple attack method.

Attacks of this kind are a growing concern because they can bring businesses to a grinding halt, hindering operations and damaging reputations.

Protecting websites from such attacks comes down to ensuring web fronting systems are secure, says Tony Osborn, security expert at Symantec.

"Simple measures include applying basic information risk management, prioritising web-facing systems and ensuring patches are always up to date", he said.

If websites are outsourced, the organisation must ensure the hosting provider has the necessary information governance practices and security measures in place, Osborn added.

This article was first published by Computer Weekly

What’s hot on Infosecurity Magazine?