After LinkedIn, Last.Fm and eHarmony, now it’s TechRadar’s turn to admit that cybercriminals have gained access to its user database. As a result of the attack, usernames, encrypted passwords, email addresses and birth dates have been stolen.“Our IT team has identified the cause of the problem and has taken action to rectify it,” Nick Merritt, publisher at TechRadar, explained.
In the meantime, the forums have been shut down and will remain that way until the company’s representatives are certain that all the security holes are properly patched up.
Impacted customers will be contacted and advised to change all the passwords that are similar to the ones used to protect their TechRadar accounts.
In a later update, the tech news site revealed that not only their current users might receive the updates.
“TechRadar includes a number of old Future Publishing computing magazine forums that were migrated onto the TechRadar forum software a while ago, so if you have received the TechRadar Support alert email, it will be because you have an account with us, whether current or unused,” Merritt added.
As Chester Wisniewski of Sophos highlights, there are a lot of questions that remain unanswered. For instance, what does “encrypted passwords” mean? Are they salted, unsalted? Did they use MD5, SHA1?
The answers to these questions can show one important thing: what the chances are for the information to be misused.
Until new details become available, users are recommended to follow the advice given by TechRadar and other experts and stop using the same password on more than one website.
Also, such incidents might be leveraged by cybercriminals for phishing attacks, so if you receive an email in which you’re requested to provide a password or other sensitive information, be sure to ignore it.