Popular horse-racing site hit by “aggressive” cyber attack – passwords leaked

A major British horse racing website has been hit by an “aggressive” and “malicious” cyber attack – and user details have leaked, including some passwords which the owners warn “could be deciphered.”

Racing Post warned customers who may have shared the same password across other sites to change those immediately, as a security measure. It’s still not clear how many customers were affected, but The Register reports that customers received an email saying, “Despite our best efforts, the security on racingpost.com has been breached over the last 36 hours, in a sophisticated, sustained and aggressive attack.”
The attack on Racing Post’s servers accessed a database containing customer details. The site offers online gambling (legal in the UK), via a partnership with William Hill and Ladbrokes, and its iPhone app is the most popular free horse-racing app on iTunes, according to the company.

The site said it suspected the breach came as part of a wider attack on a number of websites according to editor, Bruce Millington, speaking to the BBC. “We are extremely sorry that this unfortunate incident has occurred. We believe it may be part of a wider attack on a number of companies. We thank you for your patience and understanding.”

The site reassured customers that credit and debit card details had not been accessed, according to V3, saying “Betting through the site with our partner bookmakers has at all times been unaffected as this activity takes place directly with the bookmaker.”

The site has blocked log-ins as a preventative measure, and said in a statement that it is taking “stringent” measures to ensure the breach is not repeated.

“We have removed the log-in facility from racingpost.com until further notice so all users can access all areas, even if you are not a member,” the site said in a warning on its front page Monday.

The site has a clear, helpful guide for users who fear they may have been affected here – including answers on passwords, and advice for those who may have shared logins across several sites. A We Live Security guide to what to do in the event of a breach can be found here.