Forums
There is currently 1 person viewing this thread.
minardi
23 Nov 13 21:10
Joined:
Date Joined: 16 Jan 02
| Topic/replies: 3,006 | Blogger: minardi's blog
For those not looking at their e-mails or Horse Racing Forum - the RP site has been hacked and e-mails sent out to all those whose details have been stolen.

To be fair its probably no worse than the scum that they sell the info to anyway - but it shows an incredible breach of security.

It's not Spam i have just phoned them upto confirm.

Post your reply

Text Format: Table: Smilies:
Forum does not support HTML
Insert Photo
Cancel
sort by:
Show
per page
Replies: 35
By:
Tommy Toes
When: 23 Nov 13 21:26
Yep, just received the e-mail from The Racing Post advising people to reset passwords - especially if the same one used on the RP site is also used on other gambling sites.

What a palaver.
By:
Tommy Toes
When: 23 Nov 13 21:35
*folks.
By:
Make my hay
When: 23 Nov 13 21:40
Sent me one too,

As yours is one of the accounts involved, there is a risk of identity theft.

Charming.
By:
patrick starr
When: 23 Nov 13 21:43
https://twitter.com/brucemillington
By:
Tommy Toes
When: 23 Nov 13 21:45
Cheers Patrick.

The Racing Post twitter site says the same thing too.
By:
Tommy Toes
When: 23 Nov 13 21:46
- Racing Post ‏@RacingPost 7m

"The emails sent to http://racingpost.com  members regarding the security of our website are authentic and sent from us."
By:
Alias
When: 23 Nov 13 21:54
It's so long since I logged on to their crap site, I can't remember my password anyway.Laugh
By:
thebandit
When: 23 Nov 13 22:21
Tommy Toes • November 23, 2013 9:46 PM GMT
- Racing Post ‏@RacingPost 7m

"The emails sent to http://racingpost.com  members regarding the security of our website are authentic and sent from us."
Report• Quote • Block User Alias • November 23, 2013 9:54 PM GMT


Thing is though Tommy Toes, I received one and haven't even got an account with them though. Confused
By:
Tommy Toes
When: 23 Nov 13 22:24
Are you sure, thebandit?

I set mine up over 9 and half years ago - but I use it a lot.

You might have joined once and forgotten about it if it was a long time ago, possibly?
By:
Tommy Toes
When: 23 Nov 13 22:29
The ironic thing is: I haven't had to log on to use the Racing Post site for at least 2-3 years after they did one of their 'upgrades', so never do.

Which also shows woeful security by them for a long time.
By:
thebandit
When: 23 Nov 13 22:35
Seriously Tommy, never had one. Despite the amount of Carlsberg I've drunk over the years my memories sound as a four pack lol.
By:
Tommy Toes
When: 23 Nov 13 22:43
Haha!

I don't know then, thebandit.

I do, however, remember that when I first joined the RP they had a direct link page to Betfair betting pages when it was a much simpler site. I always used to use that rather than Betfair - as it was 'all in one'.

Perhaps the sites were interlinked then?
I really don't know.
By:
kenny mann
When: 23 Nov 13 23:10
spent the last hour checking my passwords Angry
By:
kenny mann
When: 23 Nov 13 23:11
Despite our best efforts, the security on racingpost.com has been breached over the last 36 hours, in a sophisticated, sustained and aggressive attack. One of our databases was accessed and customer details were stolen.

Security is an area we take extremely seriously and our website has not been compromised previously. As soon as we were aware of the situation we did everything in our power to halt the breach. We have now established that a number of customer accounts were accessed. Although all the passwords are encrypted, we believe that there is still a chance that some passwords can be deciphered. As yours is one of the accounts involved, there is a risk of identity theft. Please be aware that we do not store your credit card details on our website and these have not been the subject of any theft.

As part of our efforts to resolve the issue, we have turned off the ability to register / log-on to racingpost.com. You will still be able to access the site safely. Members' club content will also be available.

However, we are contacting you now to request that you take all precautions and reset your passwords on any other site which uses the same password as the one you use on racingpost.com as soon as you can. If, for example, you use the same password for your bookmaker accounts, email accounts or for social media we advise you to reset them. Mine is one of the accounts involved and I will be changing my passwords. We understand how inconvenient this is - and can only apologise for any difficulty this causes - but feel it is necessary under the circumstances.

Once we are totally satisfied that using your account details on racingpost.com is completely secure, you will need to reset your password on our site. We will send you an email with instructions on how to do this. For security reasons, there will be no links on the email. You will need to visit the racingpost.com website to make the changes. For now, please proceed with changing your passwords (if the same as your racingpost.com password) on any other site.

If you have any questions, please contact Racing Post customer services on 01635 246505.

Please be assured that we are currently reviewing all of our security measures and will put in place even stronger protection to stop this happening again. Extensive changes have already been made overnight with the assistance of industry-leading cyber-security experts.

We are extremely sorry that this unfortunate incident has occurred and thank you for your patience and understanding.

We will be in touch in due course once we have re-established the registration / log-in part of the site.

Yours faithfully


Bruce Milllington
Editor
By:
brendanuk1
When: 23 Nov 13 23:29
sophisticated, sustained and aggressive attack.

Security is an area we take extremely seriously

Laugh
By:
kenny mann
When: 23 Nov 13 23:47
exactly

we are currently reviewing all of our security measures and will put in place even stronger protection to stop this happening again
By:
kenny mann
When: 23 Nov 13 23:48
so they take security extremely seriously but didn't have the strongest protection!
By:
brendanuk1
When: 24 Nov 13 00:47
password = password (nap)

getting lots of spam recently wonder if it is from these clowns weak security Sad
By:
brendanuk1
When: 24 Nov 13 00:49
I cant remember my racing post password, so how do i know if i should change my other sites passwords? I might change them to the password that has gone Confused
By:
sideshowbob
When: 24 Nov 13 06:21
same with me. virtually never use the site, cant remember my password. so no idea if i use that password elsewhere. what a fecking joke.
By:
Amanda Hugnkiss
When: 24 Nov 13 09:00
And me,

No idea what password I used at that time.

Informing us of the password nicked would be a good move.

I think I used a **** one.....Cool
By:
screaming from beneaththewaves
When: 24 Nov 13 09:12
Same as thebandit: got the e-mail last night despite never being a member of the site.

Who exactly is hacking whom here?
By:
brendanuk1
When: 24 Nov 13 09:44
wonder when this breach actually took place Confused
By:
Make my hay
When: 24 Nov 13 10:46
Racing post website now has a message

Racingpost.com
security breach

Stringent new measures are currently being put in place to prevent a repeat of the security breach that has affected racingpost.com.

The website was the subject of a sophisticated, sustained and aggressive attack on Friday and Saturday, in which one of our databases was accessed and customer details were stolen.

Customer credit and debit card details are not stored on the site and have therefore not been accessed and are not at risk.

Usernames, first and last names, encrypted passwords and email and customer addresses were taken. As a consequence, customers have been advised by email that they should take the precaution of changing their password on other sites if it is the same one that they use for racingpost.com.

Customers who are unsure of their password should be aware these are encrypted and we are therefore unable to tell them what the password is. Our advice, if in doubt, is to change passwords on other sites as a precaution.

Customers who use R acing Post products to place bets can be assured all bets are placed directly with bookmakers and that we hold no details whatsoever in relation to their betting accounts. It remains perfectly safe to bet on our website and mobile and tablet products.

Racing Post editor Bruce Millington said: "Security is an area we take extremely seriously and our website has not been compromised previously. As soon as we were aware of the situation we did everything in our power to halt the breach.

"As part of our efforts to resolve the issue, we have turned off the ability to register / log-on to racingpost.com. You will still be able to access the site safely. Members' Club content will also be available.

"We are extremely sorry that this unfortunate incident has occurred and thank you for your patience and understanding."

Customers with any questions are requested to contact Racing Post customer services on 01635 246505.
By:
brendanuk1
When: 24 Nov 13 12:14
Why would turning off login in resolve the issue? Must be where they had a problem
By:
sideshowbob
When: 24 Nov 13 12:37
if the passwords were encrypted. how com the hackers can erm unencrypt them but the racing post cant? are the hackers that much more technologically adept than they are? not surprising they got hacked then is it? Plain
By:
brendanuk1
When: 24 Nov 13 13:13
very true
By:
Ramruma
When: 24 Nov 13 16:55
if the passwords were encrypted. how com the hackers can erm unencrypt them but the racing post cant? are the hackers that much more technologically adept than they are?

The bad guys may well be better techies but the point is they will try to decrypt them. The Racing Post would not want to.
By:
erse2
When: 24 Nov 13 16:59
passwords are typically one-way encrypted (so if you ever your original password emailed to you by a website, that's a very bad sign)

they get decrypted by brute force. you can use graphics cards to try billions of password combinations per second.

usually a 'salt' gets added to them, a bunch of random characters that get added to the encryption because so many people use obvious passwords and those would easily get decrypted.

if the same salt is used across all passwords, you can reverse-engineer the salt because a number of people will have the same, obvious passwords. once that's done, bob's your auntie.
By:
brendanuk1
When: 24 Nov 13 17:03
RP know the salt, so they would have a head start
By:
Zazu
When: 24 Nov 13 18:00
Adobe got hacked ages ago and I got a very nice letter saying some filthy criminals have all my personal details including back details so I need to be extra vigilant with strange transactions in my bank account Mischief
By:
brendanuk1
When: 24 Nov 13 18:10
yes, been done now a few times, sony, adobe, racing post. Might have to change emails as I am getting spammed to death Cry
By:
Dermbet
When: 24 Nov 13 20:53
Yeah me too. What a mess! Can't remember what password I used! Can the hackers monitor your password inputs now, they have breached the security? Who knows what they've done while breacjing the security. What if it isn't limited to passwords?
By:
MisterBadger
When: 25 Nov 13 20:57
If you have any questions, please contact Racing Post customer services on 01635 246505.

Lazy **** aren't even picking up the phone  Angry
By:
brendanuk1
When: 26 Nov 13 06:35
.
http://www.ico.org.uk/complaints/handling

They should not be holding on to dormant data for so long, think mine must be over 5 years since i logged on there
sort by:
Show
per page

Post your reply

Text Format: Table: Smilies:
Forum does not support HTML
Insert Photo
Cancel
‹ back to topics
www.betfair.com