Updated

UK events and publishing outfit Incisive Media today urged subscribers to change their account passwords after it found an open port on a server had left it exposed to a buffer overflow or another remotely exploitable vuln.
“We are sorry to inform you of a potential breach of security that may have resulted in the unauthorised disclosure of your log-in details to CRN,” the company stated in an email seen by The Reg.
Incisive owns a bunch of mags in the pension and benefits, financial services and enterprise tech landscapes, and others - including Computing - are also believed to be caught up in the security snafu.
As background to the breach, the mail revealed:
“One of our service providers stored your login details for your CRN account on their server. While this server was not publicly listed, there is an open server port which made your information vulnerable for a short period this year.”
The login details stored included the customer's name, email address and password in an encrypted form; “no one has access to any other personal data from this breach”, the mail reassured.
“Our partners have removed the information from that server and have undertaken a full audit and introduced additional steps to ensure your data is not accessible. We have reset all passwords and you will be asked to enter new login details when you next login,” it added.
Though Incisive said it did not believe the “data breach” met the threshold to be reported to the Information Commissioner’s Office, it had informed the UK’s data watchdog anyway.
The publisher signed off with the obligatory paragraph about how it takes customers' “data security and protection very seriously”. It also passed on the mail address of an in-house General Data Protection Regulation project manager.
We have contacted the ICO and Incisive for comment.
An ICO spokesperson said: “Incisive Media has made us aware of an incident and we are making enquiries.” ®