US X-Factor hacked, 250K wannabes' details outed

The personal details of some 250,000 entrants to the X-Factor US competition appear to have been compromised in a hack.

The stolen information includes entrants' names, dates of birth, gender, 'zip' codes, phone numbers, and email addresses, the Fox TV network warned in an email to those likley to be affected.

"This week, we learned that hackers illegally accessed information you and others submitted to us to receive information about The X Factor auditions," the network said in the email.

"We are taking this matter very seriously and are working with federal law enforcement authorities to investigate this illegal action."

The hack comes days after Sony confessed that up to a million people had similar details exposed in a massive hack on its gaming networks.

The X Factor will never ask you to email personal information such as financial data, credit card numbers, Social Security numbers or the user name or passwords you use to access other websites.

If you receive an email that appears to be from Fox.com or The X Factor asking for personal information, please delete it, as it did not come from us.’

Andy Kemshall, technical director of security outfit SecurEnvoy, reckons cybercriminals are now building information profiles on people, rather than developing frauds around available credentials.

"This corporate hack is notable, both for the size of the database theft, and the fact it was made against the servers of music executive Simon Cowell, who is renowned for his attention to detail. This suggests that the server hack was carefully planned and one of a series of attacks on company systems," he said. Cowell (pictured) is likely more concerned with the detail of his trouser creases and hair alignment than other people's security however.

According to Kemshall, there have been many more less-reported intrusions, suggesting that cybercriminals are now actively compiling data on large numbers of people for longer-term fraud.

"It's actually quite easy to see a pattern emerging in these attacks. Previously, frauds were card-centric and built around opportunistic database hacks, but the sheer volume of the system hacks in recent months suggests that there is a longer-term strategy involved," he said.

"Our observations suggest that this (hacked) data is being compiled into one or more databases, meaning that low-level frauds can be carried out on a steady basis, bursting into periods of high activity when the people's debit or credit card details become available," he added.

The data from the attack against the X Factor servers, could be used for phishing or phone-engineering scams against the contestants, but the fact that the FBI is investigating the hack suggests that a gang - who may be involved in other corporate attacks - carried out the systems intrusion.

The "reality is that cybercriminals are starting to conduct these attacks on a carefully planned basis, with the longer-term strategy of building their own fraudulent database on as many people as possible," Kemshall warned.