Future's FileSilo hit by data breach

February 9, 2017 // 10:09 a.m.

Tags: #attack #breach #data-breach #encryption #filesilo #future-publishing #insecurity #magazine #security

Future Publishing has warned users of its FileSilo digital distribution service that their personal information has been obtained by attackers unknown, including passwords stored in plain text format.

Launched by Imagine Publishing in response to the cost of cover-mounting an optical disc to print magazines - itself the successor to the floppy disks and, earlier, tapes that adorned selected publications in the 1980s and onwards - and as a means of offering the same software to digital-only subscribers, then transferred to Future Publishing following the company's acquisition of Imagine in June last year, FileSilo provided a means of downloading software discussed within the company's magazines. Those looking to take advantage of the platform needed to register an account, providing information including a username, email address, name, and password - information which Future has apparently been storing in plain text format, in direct violation of the Data Protection Act and industry best practice.

'In the last 24 hours it has come to our attention that FileSilo.co.uk's user registration database has been compromised,' an email sent to members explained. 'Unfortunately users' email addresses, usernames, passwords (stored in plaintext), name and surname may have been stolen in the process. We take the security of our registered users extremely seriously and we are investing in implementing advanced systems that enhance that security. These efforts continue to proceed on track.'

In response to the attack, the website has been taken offline - though with a disingenuous message which fails to mention the breach and simply reads: 'Sorry for the inconvenience but we’re performing some maintenance at the moment. we’ll [sic] be back online shortly!'

Anyone who had an account on FileSilo and who used the same password elsewhere is advised to immediately change that password on any and all services where it is used.
Discuss this in the forums

QUICK COMMENT

SUBSCRIBE TO OUR NEWSLETTER

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU