CAFE STYLE ESTATE AGENCY Foxtons has emailed its users to let them know that it has been the victim of a security attack.
Foxtons confirmed the breach to us but for such an eloquent and verbose organisation it was less than forthcoming with additional information. We have been promised more information when it decides what to say. We look forward to hearing what that is.
The security breach was reported by Softpedia. The website said that it had seen a Pastebin release of usernames and passwords and added that most of them were written in cleartext.
We've seen a version of the Pastebin release and can confirm this. The passwords do contain some redacted information, but they would be quite easy to guess. One, for example, is listed as "f0xt0**" and you have five seconds to work out what it might be. It is not F0xt0le.
We tried to login to Foxtons and it advised us that an email had been sent to us asking us to change our login information. Presumably Foxtons has sent this email to all of its customers.
An email confirmed as legitimate by Foxtons' PR unit has been published online. Foxtons didn't want to talk about it.
The security industry will discuss it, though. "The recent spate of high-profile data breaches, such as this alleged attack on Foxtons, are evidence that organisations are either not taking cyber security seriously or are bewildered by the problem. Regulation in this case is a necessity to alter corporate behaviour," said Ross Parsell, director of Cyber Security at Thales UK.
"Once the full extent of the cyber threat is uncovered, greater collaboration on cyber issues should lead to an improvement in cyber awareness and cyber standards."
The list of stolen passwords makes for sobering reading. µ
Sign up for INQbot – a weekly roundup of the best from the INQ