Brit events and info biz Incisive Media admits open server port may have left readers deets exposed

UK events and publishing outfit Incisive Media today urged subscribers to change their account passwords after it found an open port on a server had left it exposed to a buffer overflow or another remotely exploitable vuln. “We are sorry to inform you of a potential breach of security that may have resulted in the unauthorised …

  1. steviebuk Silver badge

    I'm confused

    So it's a "potential" breach because a port was left open. But they claim there wasn't an actual breach, but then mention "a breach" later and finally submitted a report to the ICO. But why? If there was never a breach then you don't need to report it. You don't need to report "potential" breaches, otherwise everyone would be doing that.

    1. big_D Silver badge

      Re: I'm confused

      Because the port was left open and the server was vulnerable, it could potentially have been exploited and the data exfiltrated, but there is no evidence either way.

      Therefore it is a potential breach. Given the level of fines for PII data breaches, it would be foolish not to inform the ICO, even if it was only potentially exploited. The same as changing the passwords, there is no evidence that this is necessary, but you would be very foolish not to change your password, just in case.

      1. Bronek Kozicki Silver badge

        Re: I'm confused

        Exactly this, IMO the firm has earned respect for demonstrating understanding of the security and willingness to disclose the incident.

  2. Anonymous Coward

    On the plus side..

    On the plus side, it's nice to see a company act out of an abundance of caution, rather than admit only after it becomes inevitable that they "may" have lost a couple of million passwords.

    Hey Zuck, this is how it's done.

    I like companies playing safe, and I also note the absence of any attempts to absolve themselves from blame. Straight facts only. Given the circumstances, that is well done.

  3. x 7

    I've not logged onto that site for so many years that I'd forgotten my password........can anyone tell me what it is?

    1. big_D Silver badge
      Boffin

      Try

      123456

      or

      monkey

      Have you tried "God"?

    2. Korev Silver badge
      Mushroom

      Joshua

      If you like a bit of WarGames -->

  4. Anonymous Coward

    I got this email

    "Details of the breach:

    The login details contain the following pieces of information: Your name, email address and your password for Computing in an encrypted form. No other information or data has been involved and no one has access to any other personal data from this potential breach."

    So, assuming that I used a unique password (which I did) what's the worst that can happen here? That somebody can log into the Computing website as me and maliciously read IT related news stories?
