The Guardian newspaper confirmed on Sunday that its jobs site was hit by a `sophisticated attack' by hackers on Friday evening, and as a result, the paper has had contact with the affected people and warn them of what has happened.
The paper told reporters that the hackers were stopped before the hack of Guardian Jobs was completed,.
"As soon as we were alerted to the fact that there was a problem, we dealt with it, in line with the information commissioner's guidance on data protection", a spokesperson told Jack Schofield, the Guardian's IT editor.
"We felt it was important to be transparent and alert our users as soon as possible."
As a result of the hack of Guardian Jobs, the newspaper has posted a security warning on the site, saying: "the supplier who runs the site has identified the manner in which it was hacked and taken steps to prevent a recurrence".
According to newswire reports, the Guardian Jobs website was run a by a company called Madgex for the paper.
Nick Lowe, security vendor Check Point Software Technologies' regional director for Northern Europe, said that hackers are looking at how they can get into sites by whatever means they can, either by planting malware that can eavesdrop on usage to intercept passwords - as happened with the TJX (TK Maxx) breach in 2007 - or by exploiting an unpatched vulnerability.
"And the more sophisticated the site, the more ways there are to attack it, especially in cases like this where users upload and manage personal information. The security status of this type of site needs continual monitoring against malicious activity", he said.
"The site's users should carefully monitor any other online accounts they have for unusual activity, and ideally should change their password, especially if they use the same one for several accounts", he added.
Amichai Shulman, Imperva's chief technology officer, meanwhile, said that the most eye-catching feature of the hackers attack on Guardian Jobs is the use of the phrase `sophisticated and deliberate attack'.
"Our experience shows that `sophisticated attack' is usually a pseudonym for `SQL Injection', although I must admit that an initial glimpse into the site hints that it may actually be a more sophisticated hack than the usual", he said.
"At the end of the day, however, I don't think that it's much more than SQL Injection, sophisticated or otherwise", he added.
According to Shulman, if it were a trojan based attack - as happened in the TJX site hack then they would have stated it by now and used a different wording such as: `hackers who managed to break into the Guardian network'.
According to the Imperva CTO, if, as seems likely, an SQL injection attack was to blame for the Guardian Jobs hack, then tagging it as `sophisticated' might be a bit misleading, though not uncommon.
Organisations, he explained, have a tendency in such attacks to attach superlatives to the attack techniques used in a compromise in order to diminish from their responsibility.