Tom Degun reports on a rumor published yesterday involving an alleged hack of a journalists’ credentials database for the Pan American Games:
The Guadalajara 2011 Organising Committee have denied claims that their database containing the confidential information of over 1,000 journalists attending the Pan American Games here have been illegally hacked.
The Games had just passed the halfway point with everything running relatively smoothly until hundreds of the journalists received an anonymous email earlier this week warning of a major security issue on the website where they were required to submit personal information in order to obtain their accreditation.
The majority of the anonymous emails included the first few digits of the reporter’s passport number and date of birth therefore putting them at major risk of identity theft or fraud.
But Carlos Duran Hernandez, assistant director of information technologies at the Organising Committee, has quickly moved to calm fears saying that the federal police in Mexico have now secured the website and that there “has not been any illegal access to the database”.
In an official statement, Hernandez said: “Access to the information may have occurred because of an incorrect use of a real password for the registration system.
“The person that had the password may have accessed the information shown in the screen and therefore was able to make participants uncomfortable.”
Read more on Inside the Games.
I’m confused. If someone did access the database using a “real password” and shouldn’t have, that’s a breach in my book. Are they saying that this was someone who exceeded authorized access? Even so, that’s a security breach in my book. Maybe they can do a better job of explaining how this isn’t a breach?