STE WILLIAMS

The Washington Post late today reported that its servers were hacked and employee usernames and passwords compromised in the attack, which was detected by a contractor that monitors the news organization’s network.

Post officials today were alerted by incident response and detection firm Mandiant. Officials at the media organization believe intrusion may only have been in the works for a few days, although they do not yet have full details the breadth of the exposed information. Post employees are being urged to change their usernames and passwords, even though those passwords were encrypted.

The news organization’s publishing system, email, and employee personal information appear to be safe despite the breach, the report says.

A server used by The Post’s foreign staff was initially infiltrated, which then led to the breach of other company servers, the report says.

Chinese cyberespionage attackers are considered a likely culprit, especially given the 2011 breach of the Post’s network that had the earmarks of a cyber-spying mission out of China. That attack appeared to be part of a campaign of targeted attacks against major media outlets, human rights groups, and defense contractors. The New York Times and The Wall Street Journal were also hit in those attacks.

The Post in August was the target of the Syrian Electronic Army hacktivist group, which employed a phishing attack that resulted in a Post staff writer’s personal Twitter account being hijacked by the SEA to post its own messages. And some articles from the Post’s website were temporarily redirected to the SEA’s website.

Have a comment on this story? Please click “Add Your Comment” below. If you’d like to contact Dark Reading’s editors directly, send us a message.

Article source: http://www.darkreading.com/attacks-breaches/washington-post-servers-infiltrated-empl/240164882