Community at “Spiegel”: Attackers could assign names and e-mail addresses

Share your love

In the online community of the Spiegel the magazine said that a security vulnerability may have disclosed usernames and email addresses. On August 2nd there was an unspecified security incident involving the community software “Talk”. This made it possible to assign the email address and user name in the Spiegel forum.

the Spiegel writes about the incident: “We were able to close the security gap after a few hours. Nevertheless, it cannot be ruled out that attackers have stolen e-mail addresses and usernames.”

An attacker could assign the origin of comments by assigning a real e-mail address and the user name in the forum. Anyone who wrote under a pseudonym but used their real email address could be assigned. If you are concerned about this, you can delete all of the contributions you have made in the forum profile at the push of a button.

the Spiegel changed the username due to the possible data leak in order to make the assignment impossible for a potential attacker. The forum now has a series of letters and numbers instead of the old community names. It stays that way until you change the profile again.

In order not to be dependent on the operator of a website for pseudonymization, random e-mail addresses that forward to the real e-mail address or a separate pseudonymous e-mail address can help. This should make the assignment even more difficult and the pseudonymity should be preserved.


Article Source

Read Also   Data slinging car | c't uplink 41.0
Share your love