Data security breach at the North Pole! Santa’s Naughty/Nice list compromised

Grumpy SantaFollowing attacks on Gawker, Walgreens and McDonalds, it seems hackers have set their eyes on a new target: Santa!

Reports from the North Pole have confirmed that Santa’s Naughty/Nice list has been compromised.

The list is said to contain the name, stocking address and naughty/nice score (the child equivalent of a credit score) of every child on earth. Absent from the leaked data is the “What I want for Christmas” list which is said to be stored in a separate database.

While St. Nick is not commenting on how the leak occurred, an insider elf mentioned a spear phishing campaign a few days ago promising milk and cookies after logging in to a suspicious site.

In the meantime, Santa is asking children to reset the password on their stockings. Santa’s workshop has also set up a hotline for children who get coal in their stockings on Christmas day due to any mix up.

This attack and others are a reminder to all that sending spam will land you on the naughty list, even if you manage to get a copy of that list.

Season's Greetings from Sophos

Hat tip: Thanks to SophosLabs researcher Tareq Alkhatib for bringing this breaking news story to our attention.