It seems you’re not really up there with the big boys like Sony and Codemasters these days unless you’ve been hacked. The latest victim is the unfortunately named Creditsafe.co.uk which publishes business and consumer credit reports. Specifically the attack is on creditsafe.co.uk not Creditsafeuk.com, which is a totally different company.
We’re not sure how many customers it has but a sign posted on the site this morning says that is was subject to an unauthorized attack but an “initial review indicates that no personally identifiable information has been compromised.” Unfortunately they say the hack means that visitors accessing the site via a search on google may have been redirected to a malicious website “that attempts to install a malicious .exe file.”
Here’s their statement:
Dear valued Creditsafe Limited customer, On Tuesday the 14th of June, we detected unauthorized access was gained to our creditsafe.co.uk website. As soon as the intrusion was detected, we immediately took creditsafe.co.uk offline in order to prevent any further intrusion. We have instigated a thorough investigation in order to ascertain the extent and scope of the breach and our enquiries are ongoing at this time. Our initial review indicates that no personally identifiable information has been compromised. Similarly we do not believe the attack has compromised our email system or internal records. But the nature of the intrusion has meant that visitors accessing the site http://www.creditsafe.co.uk via a search on google may have been redirected to a malicious website that attempts to install a malicious .exe file on the visitors machine. This error is in no way attributable to Google as it is a result of the attack on our website. At this time no evidence exists to suggest that any other of our Creditsafe Ltd domains have been breached, but as a precaution we are conducting a full review of security on every domain under our control. Advice For your security, in the first instance we advise you to ensure you have a valid form of antivirus software and that any such software is kept up to date with the latest available updates. We would also recommend that you ensure all third party software is kept up to date with the latest security patches from the authors. Be aware too of fraudulent emails that may outwardly appear to be from Creditsafe Limited with links inviting you to visit websites. The safest way to visit your favorite websites is always by typing in the address manually into the address bar of your browser. Unfortunately it would appear that Creditsafe Limited is the latest victim in on-going targeted attacks against numerous financial companies. Please rest assured that we are doing everything within our means to identify and track down the perpetrators and we will pursue these miscreants to the full extent of the law. We apologize for this incident and regret any inconvenience caused. For further information please contact Adam Earl on 07540 693605 Updated: 15th June 2011. We have confirmed no access has been gained to any other aspect of our site. All emails and internal systems remain secure. We expect to have the site returned today. Thank you for your continued patience.
Update: To clarify Creditsafeuk.com has not been attacked and is a different company to Creditsafe.co.uk.