In an interview with SC Magazine, the unnamed hackers revealed that they breached the sites only to show that they’re highly unsecure, but they also claim that they managed to obtain tons of sensitive information, including credit card details.
While SC Magazine wasn’t able to verify whether the credit card data indeed belonged to Fairfax customers, they were provided with a link that would allegedly download a credit card database.
Reportedly, the data includes credit card numbers, CVVs, names and dates of birth that may belong to subscribers of Fairfax publications such as the Sydney Morning Herald.
At the time of writing both affected sites are closed for maintenance while the company investigates the incident.
“This relates to a small number of our sites that are hosted by external providers and there is no evidence that our major sites – smh.com.au, theage.com.au and our classified and transaction businesses have been compromised,” Gail Hambly, Fairfax company secretary, said.
Once the investigation is complete, Fairfax will notify customers and the relevant authorities to inform them on the extent of the incident.
They also add that the breached locations are independent of the core website and the transactional engines, confirming that credit card and subscriber information is held by a third party that apparently makes sure all the data is encrypted.
Hopefully, the hackers are in fact only gray hats that have no interest in disclosing large quantities of sensitive information, but from what we’ve seen in previous hacking operations, the company should take all the necessary measures to make sure that customers are not harmed as a result of the breach.