News

Data breach at taz – Newspaper files charges against unknown persons

Photo of Simon Lüthje Simon Lüthje4. January 2022

There has been a serious data leak at taz. Cyber criminals were able to access the personal data of thousands of subscribers to the digital edition. The reason was apparently a password that was too easy to guess. Now the major German daily has filed charges.

Bad news just before Christmas

Several thousand subscribers to the taz received highly unpleasant news on December 23. Thus, it was revealed to them on the part of the daily newspaper that there had been a server attack. The loophole was the e-mail account used by the taz to manage its subscribers. They used a botnet and were quickly successful. According to a taz spokeswoman, they downloaded several e-mails from the mailbox. In their attack on the e-mail account, the attackers “captured” personal data such as e-mail address, address and the names of the subscribers.

Watch out when choosing a password

Put simply, the criminals succeeded in guessing the password by simple trial and error. This was only possible, she said, because the attack originated from more than 700 IP addresses. The taz spokeswoman told colleagues at heise online:

“The attackers were able to crack the password by trying out all possible character combinations (“dictionary attack”)”

In the end, the only thing that remained to be determined was that the password of the taz was simply too simple. However, the IT security team responsible has since replaced the relevant part of the password with a more sophisticated one.

Acting immediately in accordance with the GDPR

In the event of such incidents, the General Data Protection Regulation (GDPR) places the onus on the company concerned. Thus, one must immediately forward a cyber attack in which customer data could be affected to the competent data protection authority. The taz did this immediately by reporting the attack to the Berlin supervisory authority. The attack on the popular daily newspaper appears to be something of a wake-up call for the entire company. After all, taz has now made a commitment to its customers to look for further loopholes in its own IT security. Any further attacks are to be prevented in this way. This can certainly be understood in view of the company’s planned strategy. After all, the daily newspaper wants to turn its back on traditional print journalism entirely in the near future and only be available online.

Tags
Photo of Simon Lüthje Simon Lüthje4. January 2022
Photo of Simon Lüthje

Simon Lüthje

I am co-founder of this blog and am very interested in everything that has to do with technology, but I also like to play games. I was born in Hamburg, but now I live in Bad Segeberg.

Related Articles

Violation of GDPR: Will Google Analytics soon be blocked in the EU?

14. February 2022

FDP leadership finds GDPR and cookie protection impractical

9. November 2021
meta

Max Schrems: Irish penalty for meta too low

19. January 2023

Vodafone Italy to pay million-dollar fine for violations of the GDPR

24. November 2020

No replies yet

Beginne die Diskussion →

Neue Antworten laden...

Avatar of Basic Tutorials
Basic Tutorials

Neues Mitglied

2,987 Beiträge 1,446 Likes
Angeheftet Jan 04, 2022

There has been a serious data leak at taz. Cyber criminals were able to access the personal data of thousands of subscribers to the digital edition. The reason was apparently a password that was too easy to guess. Now the major German daily has filed charges. Bad news just before Christmas Several thousand subscribers to … (Weiterlesen...)

Antworten Like

Beteilige dich an der Diskussion in der Basic Tutorials Community →

Back to top button