Hundreds Of Thousands Hit In Racing Post Password Breach

Tom Brewster is TechWeek Europe’s Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Site editor says number of affected users in password breach will be in the six figure region

Every member of the Racing Post website has been told to change their password thanks to a breach of the horse racing, sports and betting publication.

That means the number of those affected would be in the “six figure” region, Racing Post editor Bruce Millington told TechWeekEurope.

Racing Post admits breach

horse racing race speed © Cheryl Ann Quigley ShutterstockThe company admitted to the breach this weekend, saying no credit card nor betting information had been compromised as a result of a “sophisticated, sustained and aggressive attack on Friday and Saturday”.

However, usernames, first and last names, encrypted passwords, email details, customer addresses and date of birth data were accessed.

“[The number of those affected] would be a six figure number. It’s basically anyone who has ever registered or transacted with us and has had to logon,” Millington told TechWeek.

“Hopefully this is just an inconvenience and mild aggravation rather than anything more than that.

“We’ve tried to be really open here. I believe that other companies, when this sort of thing happens, they tend to say as little as possible. Our view is that we wish it hadn’t happened, but we’ve got nothing particular to hide here.

“We’d rather paint a worst-case-scenario situation so our customers can decide on what action to take.”

A note on the website suggested users change their passwords across other sites where the same logins are used. The Racing Post said it believed “others were subject to similar attacks at the same time”.

Millington could not say what kind of protection was wrapped around the passwords. The notice on the Racing Post website said they were encrypted, but not how.

“We cannot be confident that the hackers will be unable to break the encryption,” the Post said. “It is prudent to work on the assumption that the hackers will break the encryption.”

The publication has turned off the ability to register or log-on to

A number of significant password breaches have been seen this month, including that of MacRumors, affecting over 800,000, which may have been caused by a breach of vBulletin, which provides forum software.

What do you know about Internet security? Find out with our quiz!