So as someone who has an account with Racingpost.com I received the email below tonight.
Despite our best efforts, the security on racingpost.com has been breached over the last 36 hours, in a sophisticated, sustained and aggressive attack. One of our databases was accessed and customer details were stolen.
Security is an area we take extremely seriously and our website has not been compromised previously. As soon as we were aware of the situation we did everything in our power to halt the breach. We have now established that a number of customer accounts were accessed. Although all the passwords are encrypted, we believe that there is still a chance that some passwords can be deciphered. As yours is one of the accounts involved, there is a risk of identity theft. Please be aware that we do not store your credit card details on our website and these have not been the subject of any theft.
As part of our efforts to resolve the issue, we have turned off the ability to register / log-on to racingpost.com. You will still be able to access the site safely. Members’ club content will also be available.
However, we are contacting you now to request that you take all precautions and reset your passwords on any other site which uses the same password as the one you use on racingpost.com as soon as you can. If, for example, you use the same password for your bookmaker accounts, email accounts or for social media we advise you to reset them. Mine is one of the accounts involved and I will be changing my passwords. We understand how inconvenient this is – and can only apologise for any difficulty this causes – but feel it is necessary under the circumstances.
Once we are totally satisfied that using your account details on racingpost.com is completely secure, you will need to reset your password on our site. We will send you an email with instructions on how to do this. For security reasons, there will be no links on the email. You will need to visit theracingpost.com website to make the changes. For now, please proceed with changing your passwords (if the same as your racingpost.compassword) on any other site.
If you have any questions, please contact Racing Post customer services on 01635 246505.
Please be assured that we are currently reviewing all of our security measures and will put in place even stronger protection to stop this happening again. Extensive changes have already been made overnight with the assistance of industry-leading cyber-security experts.
We are extremely sorry that this unfortunate incident has occurred and thank you for your patience and understanding.
We will be in touch in due course once we have re-established the registration / log-in part of the site.
The Editor @brucemillington on Twitter has confirmed this is legit and when asked why users were only notified this evening he said
Scale of problem didn’t become apparent until later today.