Cyber Incident Victim: FileSilo.co.uk

On or around February 8, 2017, UK magazine publisher Future discovered a breach of its FileSilo.co.uk website, a platform allowing subscribers to download supplementary materials like Photoshop templates and graphics for tutorials featured in Future publications such as *Edge*, *Digital Camera World*, and *ImagineFX*. The attackers compromised the site’s user registration database, exfiltrating email addresses, usernames, names, surnames, and critically, passwords stored in plaintext. Within 24 hours of detection, Future notified affected users via a direct communication on February 8, urging them to change their FileSilo passwords “as a matter of urgency” and to update credentials on any other sites where they had reused the same password. The company immediately took FileSilo offline, disabling public access to the platform while investigations and remediation efforts commenced. No details regarding the intrusion method, attacker identity, or total number of affected accounts were disclosed publicly.

The breach exposed users to heightened risks of credential-stuffing attacks and account takeovers across other services due to the plaintext password exposure. Future announced plans to relaunch FileSilo only after ensuring the breach was “fully rectified,” implicitly acknowledging the need for security enhancements, though specific technical measures were not detailed beyond a general commitment to “investing in implementing advanced systems.” The company faced public criticism for its failure to implement basic password security practices, particularly the storage of credentials without encryption. No evidence suggested financial data or magazine subscription systems were compromised. Future did not provide further public explanation for the plaintext storage decision or breach timeline specifics despite media inquiries. The incident remained under investigation at the time of reporting, with no restoration timeline for FileSilo’s services.