SPH apologises after website hack causes leak of 685,000 users’ details over six months

Singapore Press Holdings has issued a grovelling apology to its online subscribers after one of its databases was hacked over a six-month period.

The media giant has admitted that an unidentified hacker had managed to “compromise” a moderator’s account on its IT-centric website HardwareZone (HWZ) Forum and gain access to 685,000 user profiles.

The hack first took place in September last year and was only picked up by SPH this week.

On the database, the hacker would have access to personal details such as a user’s name, email, date of birth, plus potentially a person’s education, occupation and Skype account, which were optional fields for subscribers to fill in.

In a statement, SPH said it became aware of the hack after seeing “a suspicious posting” on the website on 18 February.

Following this, the company launched an investigation, after which the extent of the breach was unearthed.

A spokeswoman from SPH said: “The hacker used the compromised credentials to impersonate the senior moderator to retrieve user profile data which comprised name, email address and user ID and possible optional data fields.

“As a matter of precaution, forum users were advised to change their forum account password. SPH Magazines, which owns the HWZ site, has also engaged security consultants to conduct a thorough review of the system.

“A police report has been lodged and PDPC has been informed. SPH Magazines and HWZ sincerely apologise to HWZ users for this breach of security. We remain committed to protecting all personal data shared with us.”

The company added that the database did not contain NRIC numbers, telephone numbers and addresses following new rules from the Personal Data Protection Commission in July 2015.



Get the latest media and marketing industry news (and views) direct to your inbox.

Sign up to the free Mumbrella Asia newsletter now.



Sign up to our free daily update to get the latest in media and marketing