South China Morning Post
Advertisement
Advertisement
Cybersecurity
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
FactWire on Wednesday said its website and internal system had been hacked recently. Photo: Shutterstock
Hong KongLaw and Crime

Cyberattack on Hong Kong news agency FactWire leads to unauthorised access of subscriber data

  • Agency says its website, internal system and newsletter delivery operations were attacked, but that information on donor list was not accessed
  • IP address shows hacking was done from Hong Kong, and it gained access to email addresses, registration records of FactWire’s newsletter subscribers
Cybersecurity
Christy Leung
Christy Leung
Why you can trust SCMP

A cyberattack on a Hong Kong news agency last month led to the unauthorised access of information on 3,700 subscribers.

FactWire on Wednesday said its website and internal system had been hacked recently. While staff were trying to fix the security breach, the agency discovered its newsletter delivery operations had also been attacked on April 13.

The information accessed include the email addresses of more than 3,700 subscribers registered from July 2017 to January 2021, and the names of about 1,000 subscribers registered from November 2018 to October 2019.

FactWire temporarily suspended the delivery of newsletters to build a new system. Photo: Facebook

“The IP address shows that the hacking was done from Hong Kong and that it had obtained access to the registration records of our newsletter subscribers. We sincerely apologise to all the affected subscribers for this,” a statement from FactWire read, adding the information on a donor list had not been accessed.

“We could not see any record of the information being exported, but there could be a possibility that the hacker had recorded the accessed information using other methods.”

In the wake of the incident, the news agency temporarily suspended the delivery of newsletters to build a new system. Measures were taken to ensure all personal information, including those of donors and whistle-blowers, was securely stored.

Earlier this week, police launched a criminal investigation after more than 20 unauthorised push notifications were sent out via the mobile app of Hong Kong’s biggest free-to-air broadcaster.

Hong Kong police investigate unauthorised notifications from TVB’s news app

According to TVB on Tuesday, the alerts were dispatched to subscribers of its news app over a period of 21 minutes, with the first sent out on Monday at midnight.

“Patriots rule Hong Kong”, “Lee Ka Chiu meets the press”, “hihi”, “test” and “yooooooo” were the contents of some of the 23 notifications, while others were written in simplified Chinese characters. Former chief secretary John Lee Ka-chiu is the sole candidate in the chief executive election, which will be decided on Sunday.

TVB said it had carried out multifaceted investigations and had immediately strengthened system monitoring to prevent the recurrence of similar incidents.

1