Skip to main content
Canada’s most-awarded newsroom for a reason
Enjoy unlimited digital access
$1.99
per week
for 24 weeks
Canada’s most-awarded newsroom for a reason
$1.99
per week
for 24 weeks
// //

MuchMusic has warned Web site contest entrants that their personal information may have been stolen and used by hackers, globeandmail.com has learned.

The station sent out a mass security advisory e-mail Wednesday night to all entrants saying their contest databases may have been compromised. The breach may have happened as early as May.

  • Read the memo The contests are open to people under the age of 18, and require that entrants provide a street or e-mail address, phone number and age.

MuchMusic received a complaint in May that viewers were being contacted from a person claiming to be a station employee. In all, 12 to 15 people have complained of prank calls.

Story continues below advertisement

The phone calls stopped for several months until just over a week ago when another viewer received a strange phone call.

"Information that they provided in the latest calls lead us to have serious suspicion that our database had been compromised," said Sarah Crawford, vice-president of public affairs for CHUM TV. "We still don't know if that's the case, but as soon as we thought it was a possibility we took a number of actions.

"We looked at the problem from the time we got the first call," Ms. Crawford said. "At the time we treated the calls for what they were: nuisance calls."

The advisory also says that contest entrants have received "prank" phone calls from people pretending to be MuchMusic employees.

"In the first case someone was calling them at a very strange time of day," Ms. Crawford said. "Either very late at night or very, very early in the morning which made the person suspicious."

Ed Arditti, a father from Windsor, Ont., is upset that MuchMusic didn't post a message on their Web site's home page about the security breach.

"With all the scares about viruses and trojans and hackers and things, and especially because they're dealing with kids, I would have thought that they would have a pretty secure system in place," said Mr. Arditti, who got four copies of the advisory e-mail to different addresses at his house. His children, who are in their 20s, had entered contests.

Story continues below advertisement

People under the age of 18 are eligible for the contest, providing that the prize is accepted on their behalf by their parent or legal guardian. Right now, the MuchMusic Web site is advertising 10 contests, and has published the names of recent winners on-line. Ms. Crawford said MuchMusic has a "sizeable" database.

"The issue here is that the Internet is still very much a medium in process and issues of security are always of concern, and people should be very careful about circumstances in which they offer personal information," said Al MacKay, chair of Media Awareness Network, which encourages debate on the impact of the media on children.

He said the best way for parents to to Internet-proof children is to establish clear rules and then make sure they understand the nature of what they are dealing with.

"Keeping your personal information confidential and secure is very important to us and we have taken the appropriate steps to ensure that all such data remains private," the advisory read. "However, as the Internet is not a 100 per cent secure environment, there is potential for your personal data to get into the wrong hands."

Ms. Crawford said it was determined almost immediately that the calls were not coming from an employee. The company had firewall systems to protect its databases. The station has hired forensic computer specialists to investigate.

"If you receive a call from anyone telling you they are from MuchMusic and they ask you to do anything other than to dial our headquarters hang up," the release said. "This is a prank phone call."

Story continues below advertisement

MuchMusic.com has added a warning to the site on its contest page. Once users click to enter a contest a section of the warning e-mail comes up on the screen, outlining the station's procedure when an employee contacts a contest winner. Much News host George Stroumboulopoulos issued the warning on-air just before 3 p.m. Thursday.

Chuck Wilmink, director of the Canadian Centre for Information Technology Security, said that there is no reason to store masses of data on-line.

As a security precaution, it would make sense for those who run Web sites to take all information from contests or application forms and store them on a CD-ROM, he said.

"The majority don't bother to do that," Mr. Wilmink said. "The majority leave themselves very vulnerable. A dedicated, smart Internet hacker who wants to get into the system will be able to get in."

As well, Mr. Wilmink said that those who run Web sites should consider which information they're asking for. "Why do they have to have the phone numbers? These are the kinds of things they should think about."

"We felt it was really important that we go public and let our viewership know that this [the breach]was a possibility," Ms. Crawford said. "We wanted to be proactive ... anyone who entered a contest with us since March got the advisory."

Story continues below advertisement

Mr. Arditti said the release didn't give enough information.

"It's also not clear to me from that e-mail whether someone broke into their Web site, or whether someone like an employee just downloaded a database and took it with them," he said.

MuchMusic says its primary viewership is between the age of 18 to 24, with a sceondary demographic of 12 to 17.

"It's safe to say we're on the cutting-edge of Internet protection," Ms. Crawford said. "But the benchmark changes every day. No site is 100 per cent secure."

Parents have to monitor their children's on-line time carefully, Mr. Wilmink said, because currently in Canada, there is no law that requires Web sites asking children for personal information to get their parent's permission, he said.

"Most have no idea how vulnerable their kids are," he said.

Story continues below advertisement

With a report from Allison Dunfield

Report an error
Tickers mentioned in this story
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies