
Cyber Incident Victim: Fairfax Media

Date: May 2016

Location: Australia

Summary

Fairfax Media experienced a significant data breach when hackers exploited an SQL injection vulnerability, compromising over 13,000 subscriber email accounts from The Sydney Morning Herald and The Age Digital Editions platforms. The stolen data, confirmed as authentic by researchers, was briefly leaked online before being removed from the original platform, though potential mirroring remained possible. The incident targeted the media company's databases, resulting in unauthorized access to sensitive user information.


Description

On or around May 17, 2016, Fairfax Media, a major Australian and New Zealand media company, suffered a data breach affecting its digital properties The Sydney Morning Herald and The Age Digital Editions. Attackers exploited an SQL injection vulnerability to access a subscriber database, extracting over 13,000 user email accounts. The stolen data was publicly leaked on the website siph0n.in shortly before midnight Sydney time on May 18, 2016. Security firm RiskBasedSecurity discovered the breach through routine monitoring of data leaks and confirmed the authenticity of the exposed records by directly contacting the responsible party. Initial analysis indicated the compromised information originated from an email subscription list shared across both Fairfax-operated news platforms.

The leaked dataset contained subscriber email addresses but did not include financial data or passwords based on available evidence. RiskBasedSecurity researchers verified the data's connection to Fairfax Media's systems prior to public disclosure. By the morning of May 19, 2016, the original data dump had been removed from siph0n.in, though researchers noted the possibility of copies being mirrored or preserved elsewhere. Fairfax Media did not release detailed technical findings about the SQLi vulnerability's origin or duration of exposure. The incident exposed subscriber email addresses to potential phishing and spam campaigns, though no direct evidence of such misuse was confirmed in the source material. Media coverage highlighted the breach's irony given Fairfax's role in reporting cybersecurity incidents.
