• December 13, 2010

McDonald's, Walgreens and Gawker Media are all reporting that hackers have violated their customer databases through email systems.

There have been no indications that these three hacking incidents relate to the online guerrilla efforts of supporters of WikiLeaks, which last week briefly shut down the sites of Visa and MasterCard. However, Walgreens warned customers of an "increase in attacks on email systems," and advised them to exercise caution in opening links or attachments from unknown third parties.

Over the weekend, McDonald's used an email and a posting on its main site to warn customers who had have provided information through its sites or promotions that an unauthorized third party had accessed the system of an unnamed email service provider hired by McDonald's partner Arc, the marketing services division of the Leo Burnett ad agency.

McDonald's does not collect Social Security or credit card numbers online or through email; however, the data at risk may include names, mobile phone numbers, email and/or postal addresses and "general preference" information, the chain said.

McDonald's is working with law enforcement, and in the meantime warning customers who have shared data that if they are contacted by someone claiming to be from McDonald's and asking for personal financial information, they should not respond, and should call a special McDonald's phone number so that the chain can notify authorities.

Walgreens, which knew about a week ago that its email database had been breached, began notifying subscribers by email on Friday, according to the Chicago Tribune.  Only emails, not prescription or other information, are at risk, the company said.

AP reports that millions of people are likely affected by the breach at Gawker Media, which runs popular sites like Gizmodo, as well as Gawker. 

Users of Gawker Media sites, which include Gizmodo, Lifehacker, Deadspin and other sites in addition to Gawker, may be at risk for hackers having their emails, user names and passwords.  Because hackers might be able to figure out simpler passwords used by site visitors, the company is warning users who have used the same password elsewhere, particularly in bank or other financial accounts, to make sure that they change those, reported AP.

The AP report quoted a security research firm CEO saying that such attacks are common and difficult to stop. "If someone is determined and knowledgeable, you can't keep them out," said Rich Mogull of Phoenix-based Securosis.