Foxtons is attempting to work out whether hackers have stolen the details of 10,000 property hunters that are registered with the estate agent’s website.
The list of account holders was leaked anonymously on Pastebin, a hacking website, earlier this week, according to PCPro, before it was removed. It can still be accessed elsewhere and reportedly shows over 9,800 user names, partially obscured passwords and email addresses.
"It has come to our attention that there were some reports circulating on the internet today suggesting that a small number of user names and passwords to the MyFoxtons web portal were briefly posted to a website. We have been able to download the list of usernames and passwords that were posted and are currently running checks to determine its veracity," said Foxtons in a statement emailed to registered users.
Foxtons hasn’t confirmed how many users have actually been affected and as the list is titled ‘part one’ there are suggestions that this could be the tip of the iceberg as far as the data breach is concerned.
Anyone that has had their details stolen could find that more information is compromised due to the fact that most users will have entered a home address and contact number in order to use the site.
Foxtons are at pains to point out that no financial information has been compromised as the financial details are held with a third-party and the company is already prompting users to change their passwords next time they log-in.
Ross Parsell, director of cyber security at Thales UK, admitted to The Register that tighter regulations are needed in order to put a stop to the data breaches, which are increasingly becoming common-place.
“The recent spate of high-profile data breaches, such as this alleged attack on Foxtons, are evidence that organisations are either not taking cyber security seriously or are bewildered by the problem. Regulation in this case is a necessity to alter corporate behaviour,” Parsell said.
MyFoxtons customers with an account that has been compromised will be contacted separately with details about which details have been hacked.
Image Credit: Flickr (Bixentro)