
Cyber Incident Victim: Fairfax Media

Date: May 2016

Location: Australia

Summary

A major Australian media company experienced a significant data breach when hackers exploited an SQL injection vulnerability to compromise subscriber databases for two of its digital news platforms. The attack resulted in the theft and public exposure of over 13,000 email addresses from customer accounts. The stolen information, confirmed as legitimate subscriber data from the organization's systems, was briefly posted online before being removed from the original hosting site, though potential redistribution risks remained. The incident highlighted vulnerabilities in the media outlet's digital infrastructure that allowed unauthorized access to sensitive user information.

Description

On or around May 17-18, 2016, attackers compromised two Australian news websites operated by Fairfax Media—The Sydney Morning Herald and The Age Digital Editions—through an SQL injection vulnerability. This breach resulted in the theft of over 13,000 subscriber email addresses from a shared database. The stolen data was publicly leaked on a website called siph0n.in shortly before midnight Sydney time on May 18. RiskBasedSecurity researchers independently discovered the exposed data and verified its authenticity by contacting the responsible party, who confirmed it originated from Fairfax's subscriber email lists. Initial analysis indicated the leaked information appeared limited to email addresses rather than comprehensive account credentials or payment details. The breach disclosure followed a pattern common in cybersecurity incidents where media organizations reporting on data breaches became targets themselves.

By May 18, the original data dump had been removed from siph0n.in, though the article noted the possibility of mirrors or archived copies existing elsewhere. No specific containment measures or forensic findings from Fairfax Media were detailed in available reporting. The incident exposed subscribers to potential phishing risks and reputational damage to the media organization. The SQL injection attack vector highlighted vulnerabilities in Fairfax's web application security controls at the time. While the subscriber count represented a fraction of Fairfax's total audience, the breach demonstrated successful exploitation of critical web application weaknesses affecting major Australian news platforms.
