Hackers hit Guardian Jobs web site

The details of half a million web users could be at risk after hackers used a sophisticated attack to penetrate the security of The Guardian's Jobs web pages.

The newspaper was quick to respond to the breach, and users of the site whose details were thought to have been compromised were emailed with a warning and information about what had happened.

"We have been assured by our provider that the system is now secure and we have identified and contacted everyone who may have been affected," said the company in a security update.

A later statement said that around 500,000 of the site's 10.4 million users could have had their data compromised. The paper added that it had contacted the Information Commissioner's Office in the UK, as it should, and is working with Scotland Yard's e-crime unit to resolve the issue.

"The police remain anxious to keep information about the apparent theft to a minimum in order not to compromise their investigations, but did agree with us that we could inform those users who may be affected," read the statement.

"We stress our regret that this breach has occurred. This is apparently a deliberate and sophisticated crime, of which The Guardian is a victim in addition to some of our users."

Patrik Runald, senior manager at security firm Websense, urged users of the jobs site to be cautious about their data for some weeks to come, suggesting that the criminals could use the information to build up a sophisticated social attack over a period of time.

"The bad guys having access to personal information about the target makes it possible to create a very attractive and believable email that will have a high likelihood of tricking the recipient into clicking on a link or running an attachment," he said.

"We advise anyone who has received notification from The Guardian that their personal data has been compromised to take extra care over the next few weeks, both at home and at work."

Phil Jevans, chief executive at Iron Key and chairman of the Anti-Phishing Working Group, went further, explaining that the hack signalled the death of old methods of online security and paved the way for more secure alternatives.

"The attack on the Guardian Jobs web site demonstrates why the days of a username, email address and password being sufficient to protect your data on the internet are over," he said, adding that two-factor authentication is the best available method for providers and businesses alike.

"We need these protections for online services that are accessed by consumers, and for cloud computing services that companies are beginning to outsource their data services to," he explained.