Cyber Incident Victim: The Sydney Morning Herald

Date: May 2016

Location: Australia

Summary

Fairfax Media, an Australian media company, experienced a data breach caused by an SQL injection vulnerability that affected over 13,000 subscriber accounts on its digital platforms, including The Sydney Morning Herald. Subscriber email addresses were extracted from the company's database and leaked online, with researchers confirming the authenticity of the compromised data. The leaked information was initially posted on a public platform but later removed, though it may have spread through other channels.

Description

On May 18, 2016, RiskBasedSecurity researchers identified a data breach impacting two Australian news websites operated by Fairfax Media: The Sydney Morning Herald and The Age Digital Editions. Attackers compromised subscriber data through an SQL injection vulnerability, extracting over 13,000 email accounts from a shared database. The stolen information appeared to originate from an email subscriber list used by both platforms. The data was publicly leaked on siph0n.in shortly before midnight Sydney time on the same day, though the exact timing of the initial intrusion remained unspecified. Researchers confirmed the breach's legitimacy after directly contacting the party responsible for the leak, who validated the data's origin from Fairfax systems. The leaked dataset did not initially appear to include passwords or financial information, focusing solely on email addresses associated with subscriptions.

Fairfax Media, a major Australian and New Zealand media conglomerate, faced operational and reputational impacts as the data circulated online. By the morning after the disclosure, the original data dump had been removed from siph0n.in, though researchers noted the likelihood of mirrors or secondary copies persisting elsewhere. No public statements from Fairfax regarding incident response or containment measures were referenced in the report. The incident highlighted vulnerabilities in the media organization's digital infrastructure, particularly inadequate safeguards against SQL injection attacks targeting subscriber databases. RiskBasedSecurity's discovery underscored the recurring pattern of media entities reporting on breaches while remaining vulnerable to similar compromises themselves.
