Investment Week website suffers data leak

(Image credit: Pixabay)
(Image credit: Image Credit: Pixabay)

Thousands of readers of a major UK financial news sites may have had their personal data leaked after the site suffered a major data breach.

As many as 330,000 financial buffs may have had their details revealed after the Investment Week website was found to be failing to protect user details securely.

The information, apparently held in unprotected records, included sensitive personal information such as full names, email addresses, and other subscription details, including business addresses - which given the theme of the publication, could include some of the UK's top firms.

Breach

The database also included unencrypted user passwords, which could have been cracked if subject to a brute-force attack.

The breach was discovered on April 4th, but more information was detected this week on a Reddit thread uncovered by anonymous security researchers.

Incisive Media, the publisher of Investment Week, released a statement on April 29th saying it was "sorry" to inform readers of a "potential breach of security that may have resulted in the unauthorised disclosure of your login details to our websites".

"Incisive Media take data security and protection very seriously," the company added, noting that it had informed the Information Commissioner’s Office (ICO) of the breach.

However the researchers who discovered the threats did not immediately hear back from Incisive, meaning it may have breached the 72-hour disclosure window demanded by GDPR.