2016 is seeing ever rising reports of “cyber attack”, which can come in many guises:- DDOS attack, virus, malware and SQL Injection being of the most recent – all with the same objective to steal your data.
Thousands of British music fans have had their personal data stolen and are in danger of being targeted by online fraudsters, after the website of dance act Faithless was hacked. Experts fear the breach of faithless.co.uk, affecting some 18,000 people, will be repeated on other music websites. The hack, in which a single piece of malware was uploaded via a common hacking technique known as an SQL injection, was able to get past the website’s defences.
It was spotted by internet security firm CyberInt, which monitors hacking activity. The breach became apparent last September but was only confirmed by the cyber security company in January 2016. “We have a system that collects cyber threat intelligence in real time, and as part of our work we uncovered a Faithless database being sold on the Dark Web, and we flagged it up with them,” Elad Ben-Meir, the company’s vice president of marketing. “I think they fixed the issue but they didn’t quite go out and tell anyone that, so that leaves their fans, about 18,000 people, unaware that their private information has been compromised,” he added.
The management company which represents the band did not respond to requests for comment. In the meantime, users of the Faithless website remain at risk of online fraud, according to CyberInt. Their data, which is understood to include personal email addresses and passwords used to access the site, is now being sold on the Dark Web.
“Although the actual details for sale on the Dark Web are likely to sell for only a few hundred pounds, they could end up costing unlucky music fans far more,” warned Mr Ben-Meir. Even limited information, such as an email address combined with details of someone’s musical tastes, can be valuable to cybercriminals. “The fraudster will send the fan a spoof email asking the victim to open an attachment or follow a link to a fake phishing website. Once the attachment is opened or the link clicked, the hacker could gain additional information about the fan or event take control of the fan’s computer,” saud Mr Ben-Meir. If you think the email is too good to be true, it probably is. Don’t click the link, instead login to the portal via a separate window. One which you know is correct and more secure.
Music websites are attractive to cybercriminals as there is often a relationship of trust between fans and performers. Mr Ben-Meir suggests that the Faithless hack “could signal the start of a new trend of attacks on the UK’s £3.5 billion a year music industry,” he added. Sony Music has been repeatedly hacked in the past five years, and the websites for artists such as Lady Gaga and Jessie J have also been successfully targeted.
The theft of data from the Faithless website is one of a series of high profile hacks in recent months, which have included the BBC news website and its iPlayer service, the Wetherspoon pub chain, telecom firm Talk Talk, Nissan and dating website Ashley Madison. There has never been a better time to protect your data… and your fans. Source: The Independant.