Free Racing Post

[osknows]

The racing post website will have free access for a short while. The reason....


Dear ......,

Despite our best efforts, the security on racingpost.com has been breached over the last 36 hours, in a sophisticated, sustained and aggressive attack. One of our databases was accessed and customer details were stolen.

Security is an area we take extremely seriously and our website has not been compromised previously. As soon as we were aware of the situation we did everything in our power to halt the breach. We have now established that a number of customer accounts were accessed. Although all the passwords are encrypted, we believe that there is still a chance that some passwords can be deciphered. As yours is one of the accounts involved, there is a risk of identity theft. Please be aware that we do not store your credit card details on our website and these have not been the subject of any theft.

As part of our efforts to resolve the issue, we have turned off the ability to register / log-on to racingpost.com . You will still be able to access the site safely. Members' club content will also be available.

However, we are contacting you now to request that you take all precautions and reset your passwords on any other site which uses the same password as the one you use on racingpost.com as soon as you can. If, for example, you use the same password for your bookmaker accounts, email accounts or for social media we advise you to reset them. Mine is one of the accounts involved and I will be changing my passwords. We understand how inconvenient this is - and can only apologise for any difficulty this causes - but feel it is necessary under the circumstances.

Once we are totally satisfied that using your account details on racingpost.com is completely secure, you will need to reset your password on our site. We will send you an email with instructions on how to do this. For security reasons, there will be no links on the email. You will need to visit the racingpost.com website to make the changes. For now, please proceed with changing your passwords (if the same as your racingpost.com password) on any other site.

If you have any questions, please contact Racing Post customer services on 01635 246505.

Please be assured that we are currently reviewing all of our security measures and will put in place even stronger protection to stop this happening again. Extensive changes have already been made overnight with the assistance of industry-leading cyber-security experts.

We are extremely sorry that this unfortunate incident has occurred and thank you for your patience and understanding.

We will be in touch in due course once we have re-established the registration / log-in part of the site.

Yours faithfully


Bruce Milllington
Editor

[Craig]

.
Thanks for your post Osknows.

I, too, received the email yesterday, but being too sceptical for my own good I took it to be a phishing email and I deleted it.

After I read your post this morning I checked out the RP Twitter account and also Bruce Millington's — both confirm that the security breach is real.

I suggest that any other BA Forum members who have, or had, accounts at the RP website take some precautions. In particular, if your RP password and registered email address are also used for any of your bookmaker or exchange accounts, or perhaps your Moneybookers or Neteller account, then you'll need to change your password at those accounts.

Interestingly, the RP Twitter page only has one short conversation on this matter, while Millington's has thirty so far. Clearly the RP don't want their corporate Twitter page to be contaminated by worried customers, so they're deleting tweets. What a shower.
.[/url]

[Craig]

.
Here's some good advice from the guy who runs the Flatstats forum:

What Happened?
The Racing Post site was allegedly hacked via a 'Brute Force' atttack. This happened a couple of days ago. Their customer database looks to have been accessed and downloaded. Customers have been sent an email that their details are likely to be in the hands of undesirables and sold on to scammers.

What Can I Do About It?
If you have / had an account on the racing post site, whether for the full Members Area, or you registered many years ago for some facility then you should do this:

a) Log in to the Racing Post site and change you password on there. If you can not login because you can not remember your password try their Password Reset Facility. If that does not work contact their webmaster via email using your RP registered email account.

b) If the password you use to access the Racing Post site is the same password you use to access Betfair, Bookies, this site, or anyother site you need to immediately login to those sites and change the password.

The first thing scammers do when they have a list of compromised passwords is to access sites with money. They try the same username, email, password and if they can get in to those other sites your money is as good as gone.

c) If the password is the same as your email account (your ISP email, Yahoo, Hotmail, gmail etc.) then login to that email site and change it immediately.

This is the second weapon of choice for the scammer. They login to your email account and attempt to extort money from your friends and family; they attempt to email viruses to your friends and family.

Note: It is never wise to use the same password on all sites. Always use different passwords for different sites and always change your passwords regularly.

But My Password Was Encrypted. Hackers Won't Know It!
Yes your password may be encrypted and stored into their database something like:

1j1883GYGyg1g23yGYG70mnV

But weak passwords are crackable in seconds, medium passwords are crackable in minutes and stronger passwords are crackable in hours if not days.

Computers are so fast now that passwords can be cracked in very short timescales. This is why you should change your password immediately once a breach has been notified, and why you should regularly change your passwords.

What About Identity Theft?
This could happen. Did you put your full name, address, Date Of Birth, Phone Nos. in the RP Site?

If yes then that information could be sold on. There is nothing you can do about that now.

The only lesson to learn is that you should never give information unless you absolutely have to. For betting sites you obviously need to enter your full name and address information for KYC regulations. For other sites there is no way you need to give your address, DOB and phone numbers.

If a registration form requires personal information then try and leave the info blank or put duff info in there (Tel No "555-123456", address "10 High Street, Risley Dale"). Put your DOB in as something which is not your DOB. If you have to be 18 to register with a site put in today's date 18 years ago.

If a site refuses to let you register without the correct information then email the site owners. Tell them you don't want to give that information and go and find another site instead.

What About Other Websites? Are They Safe?
No site can be 100% safe. There is always a way for someone to get in if they want to. Just ask GCHQ or the NSA.

Betfair was one of the biggest hacks in recent times. There is no doubt this has happened to other bookies despite their technological and security investments.

It is not always a 'sophisticated hack'. Sometimes hacks are inside jobs. This happens when a rogue employee dumps a customer database onto a memory stick and sells on that information.

What More Can I Do?
Regularly search for your email address and / or username.

Some hacker sites display the booty for others to see. If your details were stolen from XYZ site you may get to know about it before XYZ site tells you.
.

[osknows]

I'm not too concerned as I have a different password for every website.

What is funny though is after all this good advice about changing the password the RP site has completely disabled membership login so nothing can be changed

Or is just me that cannot find the links?