According to reports, the website for The Telegraph was hacked.
Primary Method: SQL Injection
Hazard to Humanity: Very Low
Date: March 6, 2009
Actually the site was: search.property.telegraph.co.uk and only the usernames and passwords of people who login to the site were exposed. As always, often times people use the same username and password for a variety of logins so an incident like this could grow bigger than just having someone post comments using a “hacked” username and password.
Remediation and Preventative Measures: Same as for all SQLi attacks – properly sanitizing all data submitted to a SQL database.