Thousands of people who use the Racing Post website received an unexpected email on Saturday night explaining that security on the site had been breached in what the Post described as a “sophisticated, sustained and aggressive attack.”
This was a major embarrassment, so serious that, although customer passwords for the site are encrypted, meaning that the Racing Post itself has no record of them, there is a real risk of identity theft for those people whose accounts were accessed if their password is decoded. It led the Racing Post to switch off the registration facility on the racingpost.com site while they continue to investigate how the site came to be hacked.
Registration and log in won’t be resumed for the time being, with customers being notified when that resumes. In the meantime people were advised to be on the alert for phishing emails purporting to be from the Racing Post.
That risk of identity theft led to a strong warning to customers to change their password on any other site where they were using the same one as for the Racing Post site. That was half an hour of my Sunday used up as my favourite beer went down the drain and I struggled to come up with something easy enough to remember, yet not too obvious.
Editor Bruce Millington said, “Security is an area that we take extremely seriously and our website has not been compromised previously. As soon as we were aware of the situation we did everything in our power to halt the breach. We are extremely sorry that this unfortunate incident has occurred. We believe is may be part of a wider attack on a number of companies.”
Fortunately, racingpost.com doesn’t hold any financial details of its customers on the site, and even if people link to their bookmaker accounts from the website, there is no interface with any bank details held on the bookie sites.
Millington added that they had already introduced extensive new security measures and were continuing to develop further mechanisms to increase protection on all accounts.