September 27, 2016

TechRadar re-opens site after re-engineering the way it stores user data, but forums remain shut

(LiveHacking.Com) – Earlier in the summer popular British technology site TechRadar.com suffered a security breach in which email addresses, usernames, dates of birth and encrypted passwords were stolen. The technology website has now announced that it has completed its work to re-engineer the way it stores user data. As a result users are now able to log in and add comments again.

As a security precaution, users will be asked reset their password when they first log back into site. As part of that process users will be sent an activation code to their registered email address.

However the site decided not to re-open its forums. Soon after the breach TechRadar emailed its users explaining that “the forums have been closed and will remain closed until we are satisfied that there are no further issues and the forum can be safely restored to service.” This led to the assumption that the breach happened via the forums.

“Whist rebuilding our authentification system, we took the difficult decision not to re-open the forums but to instead encourage discussion within the site comments and via our social networks,” said Nick Merritt of TechRadar in an email sent to users today.

If you used your TechRadar password on any other websites make sure you have changed them as well.

TechRadar re-engineering the way it stores user data

(LiveHacking.Com) – In June, popular British technology site TechRadar.com suffered a security breach in which email addresses and user details (including username, date-of-birth and encrypted passwords) were stolen. It has now sent an email to its users with an update on the situation, the email reads:

We emailed you recently to let you know that the TechRadar user registration database had been accessed and encrypted data downloaded. As a result we have temporarily suspended user accounts on TechRadar.

We are currently re-engineering the way we store user data and, once the new service is ready, you will be able to log in and comment again. This work should be completed in the next few days and we’ll be back in touch about how you can reset your password and log back in.

We’re sorry about any frustration this situation is causing but we take the security of your data extremely seriously and want to get it right.

More information on the recent security issues is available here: http://www.techradar.com/news/world-of-tech/techradar-site-announcement-1088018

Thanks for your patience,

Nick Merritt

Publisher, TechRadar

If you used your TechRadar password on any other websites then you need change these passwords immediately.

TechRadar’s user database stolen

(LiveHacking.Com) – Following the break-in at LinkedIn, popular British technology site TechRadar.com has sent an email to its users informing them of a security breach. According to the email, user details including username, email address, date-of-birth and encrypted passwords have been stolen. It looks as if the hackers managed to breach the site via the forums. The email goes on to explain, “the forums have been closed and will remain closed until we are satisfied that there are no further issues and the forum can be safely restored to service.”

The biggest danger is not that the hackers have your password to the TechRadar site, but rather that if you use the same password on any other websites. If so, then you need change these passwords immediately. The situation was the same when LinkedIn was breached but with the added twist that user data on LinkedIn was also potentially more valuable.

As always the email contained the normal platitudes, “our IT team launched an investigation immediately and has identified the cause of the problem and taken action to rectify it.” and “we take the security of your data extremely seriously and we apologize for any inconvenience caused.”

It seems that the break-in was discovered by TechRadar itself or that it was reported privately as there doesn’t yet seem to be any news of the database being posted publicly as was in the case of LinkedIn.

The TechRadar email mentions that the passwords were “encrypted”, however there are no details on what level of encryption was used or if they were salted. The problem with the LinkedIn breach was that the passwords were stored as hashes without salt. This meant that hackers were able to decrypt a large portion of the passwords very quickly.

TechRadar says it will contact its users again shortly with instructions on how to update passwords.