The Telegraph Exposed to First Giant Data Leak
The Telegraph's unprotected database was found by Bob Diachenko. The data was secured on September 16, 2021; what follows is an account of what was exposed.
The Telegraph, a popular British newspaper, exposed a 10-terabyte collection of online log data that could be accessed without a password or any other form of authentication, according to Cool Tech Zone. Reader and subscriber data was found in the website's internal logs in the form of names, email addresses, device information (including IP addresses), URL requests, and other unique identifiers (UUIDs).
Why is this leak dangerous for users?
Visitors to the Telegraph website should be on the lookout for phishing and scams that specifically target them. The database contains names and email addresses that can be used to send targeted scam messages to specific users. Scammers would most likely impersonate The Telegraph or a similar company.
Within the leaked data, the user information contained:
- IP address
- User device, operating system, and version
- TS number
- URL requests (telegraph.co.uk browsing history)
- Cookie info, including subscriber status, email address, and full names
The Telegraph stated "We became aware of this discovery on 16 September and took immediate action to secure the data. An investigation showed that only a small number of records were exposed - less than 0.1% of our users and we have contacted all the users to advise them. The investigation also concluded that whilst the data was exposed it was not breached other than the discovery posted by the researcher. We are grateful for the work of independent researchers who responsibly disclose vulnerabilities and exposures and who are vital in our continued work to protect our assets."
Timeline
Diachenko discovered the data on September 14, 2021, and notified The Telegraph of his discovery. After two days without a response, Diachenko posted on Twitter to get The Telegraph's attention. The data was secured later that day, after a member of the newspaper's security team acknowledged the incident.
Evidence suggests the data had been exposed since September 1st, roughly three weeks. Our honeypot investigations show that attackers can identify and take data from unprotected databases within just a few hours of their exposure. We cannot tell whether anyone else accessed the data during that time.
The information came from the Telegraph.co.uk website's internal logging server. About 10TB of data was exposed in the Elasticsearch cluster. Because we only examined a small portion of the data and did not download the complete collection, we are unable to estimate the precise number of people who are at risk.
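As an added example (not part of the original article, and not The Telegraph's own configuration), here is a small Python audit of an `elasticsearch.yml` for the combination described above: a cluster bound to a network-reachable address with no authentication enabled. The sample configurations are constructed, and the parser assumes the flat `key: value` layout the stock `elasticsearch.yml` uses.

```python
# Added example: audit an elasticsearch.yml for the exposure pattern the
# article describes (network-reachable cluster, no authentication).
# Assumes flat dotted keys, as in the stock elasticsearch.yml.

# Constructed sample configs for demonstration (not from the article).
EXPOSED_CONFIG = """\
cluster.name: logging-cluster
network.host: 0.0.0.0
http.port: 9200
# xpack.security.enabled left unset: defaults to false on Elasticsearch 7.x
"""

HARDENED_CONFIG = """\
cluster.name: logging-cluster
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

# Values of network.host that keep the node on the loopback interface only.
LOOPBACK_HOSTS = {"127.0.0.1", "::1", "_local_", "localhost"}


def parse_flat_yaml(text):
    """Parse 'key: value' lines; comments and blank lines are ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit_elasticsearch_config(text, security_default="false"):
    """Return a list of findings for the given elasticsearch.yml text.

    security_default is what an unset xpack.security.enabled means: "false"
    on 7.x; on 8.x the default is "true", so pass security_default="true"
    when auditing an 8.x node.
    """
    s = parse_flat_yaml(text)
    findings = []
    # network.host defaults to _local_ (loopback) when unset.
    host = s.get("network.host", "_local_")
    reachable = host not in LOOPBACK_HOSTS
    security_on = s.get("xpack.security.enabled", security_default).lower() == "true"
    tls_on = s.get("xpack.security.http.ssl.enabled", "false").lower() == "true"

    if reachable and not security_on:
        findings.append("network-reachable cluster with authentication disabled")
    if reachable and security_on and not tls_on:
        findings.append("credentials sent in clear text: HTTP TLS not enabled")
    return findings


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_elasticsearch_config(cfg) or ["no findings"])
```

The check is deliberately conservative: an unset `xpack.security.enabled` is treated as disabled unless the caller states the node's default, which is the safer reading when the version of a logging cluster is not known.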
The Telegraph reports that there were over 1200 unencrypted contact records spanning registrants and subscribers, including the passwords of some Apple News subscribers or registrants. We do not know how many of these records were encrypted.