Excite.co.uk and Ireland.com have fallen victim to an email hack it emerged Thursday, with tens of accounts accessed in the last 24 hours.
Following the Hotmail debacle at the start of the week, one non-techie hack has gained access to the accounts of around fifteen Excite.co.uk and Ireland.com subscribers -- including the unlucky John from London -- in less than an hour.
Stephen Finnegan, managing editor of Web Ireland took a total of 18 minutes to break into an Ireland.com account. Researching for a radio programme on the recent Hotmail intrusions, Finnegan hacked accounts using the simple question and answer mechanisms many sites use if passwords are forgotten.
The password prompt on the site asks a series of questions such as date of birth. Finnegan was able to repeatedly guess the year of birth for an account. Arriving at the correct year revealed the password to get into accounts.
"I did it around five times," he said. "The first time it took around 18 minutes but after that passwords were being revealed every two minutes or so."
Finnegan, a self-confessed non-techie turned his attentions to Excite.co.uk.
"I looked at around ten email boxes in less than 20 minutes," he said. Finnegan claims he did not read any of the email. "I wasn't interested in that. I just wanted to demonstrate how easy it is just with trial and error and the law of averages to get into people's email accounts."
Ireland.com staff were informed immediately and have taken steps to remove the flaw. Excite.co.uk were unable to comment at this early stage.
Worried your mail account may have been affected?
Tell the Mailroom