Security researcher Bob Diachenko has discovered the unprotected database of Telegraph, one of the UK’s largest newspapers and online media outlets, that has exposed internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens, and unique reader identifiers.
The newspaper was contacted and warned about the exposure immediately, but it took them two days to eventually respond and secure the database.
The Telegraph issued the following statement regarding Diachenko’s findings:
We became aware of this discovery on 16 September and took immediate action to secure the data. An investigation showed that only a small number of records were exposed – less than 0.1% of our users and we have contacted all the users to advise them. The investigation also concluded that whilst the data was exposed it was not breached other than the discovery posted by the researcher. We are grateful for the work of independent researchers who responsibly disclose vulnerabilities and exposures and who are vital in our continued work to protect our assets.
According to this statement, the number of the impacted individuals is 600, which is less than what Daichenko saw exposed. The Telegraph also states that none of them run any risks of exploitation since Diachenko was the first and last person to access the sensitive dataset.
