It seems like the Swiss media landscape is getting hacked a lot. The reasons are unclear—maybe it’s due to their IT systems or possibly the political landscape making them attractive targets.
Recently, OneLog, the centralised login system for Swiss media, was also hacked. This meant a significant part of the Swiss population couldn’t access their media accounts.
Background on OneLog
If I understand it correctly, OneLog exists to streamline user data sharing among major Swiss publishers, mainly for advertising purposes.
Communication
As someone working in IT, I know hacks are an unfortunate but inevitable part of the digital world. Most don’t get enough publicity for us to hear about them, and typically, their impacts aren’t so public-facing. But when a hack does go public, it’s often surprising how poorly the communication is handled. People want to know their data is secure1.
Unfortunately, OneLog’s communication has been frustratingly poor. Initially, some affected media properties mentioned the hack on their websites, but they shared little information beyond noting that login and commenting were unavailable.
There’s still no clear information available, which is concerning. What’s happening with the data? Are passwords or email addresses2 compromised? Is any collected advertising data at risk?
These questions deserve answers, ideally as soon as possible.
Silver Linings
There are two small positives here. First, this incident highlights the importance of taking cybersecurity seriously and exposes the risks of centralising login systems.
Secondly, with normally paywalled news temporarily accessible to the public, it’s been refreshing. While I fully support paying for quality journalism (and am fortunate enough to do so), I remember the days when diverse news sources were freely available online. Not only was it easier to access various viewpoints, but it also made for a rich RSS feed experience—which, for now, is something I’m happily enjoying once again.
People want reassurance that their data is safe, even if it’s not. And if something goes wrong, prompt, clear communication is essential, so users can take action, like changing passwords, as soon as possible. ↩︎
While email addresses may not seem critical, they could be used for targeted spam or phishing. ↩︎