The Washington Post reports that their own servers have been compromised by hackers for the third time in three years, exposing employees’ user names and passwords.
It is not known how long the attackers had access to the systems, but Post spokeswoman Kris Coratti said “this is an ongoing investigation, but we believe it was a few days at most.”
The extent of the breach has not been determined, but company officials are instructing all employees to change their network login credentials on “the assumption that many or all of them may have been compromised.”
The Post confirmed that the credentials were stored in encrypted form, but are wary of the possibility that they may be susceptible to being “cracked” with enough time. The company is confident that no customer data, like payment information, was breached.
In 2011 The Post’s servers were breached in an operation that appears to have been conducted out of China, but accurate attribution is circumstantial at best. also compromised were the New York Times, the Wall Street Journal, and several human rights groups and defense contractors.
Hacktivist group the Syrian Electronic Army briefly redirected Post website traffic in August, and was “also suspected in a ‘phishing’ attack aimed at securing the log-in information of the e-mail accounts of Post journalists,” which could have been a precursor to this latest breach, The Post reported.
“The source of the attack sent e-mails to Post employees that appeared to emanate from colleagues. The e-mails directed recipients to click a link and provide log-in data. That information could have been used by an outside source to gain unauthorized access to the company’s computer network.”
Categories: Top Security Stories