Security |
The Washington Post's servers were penetrated by hackers who accessed employees' user names and password data in a breach that marked the third intrusion in as many years, the paper reported.
Security personnel still don't know the full extent of the loss, an article published Wednesday said. The intrusion was discovered by outside security consultant Mandiant, which reported it toWashington Post officials Wednesday. Compromised data includes employees' user names and passwords that were "stored in encrypted form," which typically means as a cryptographic hash. Postofficials, working under the assumption that a fair percentage of hashed passwords can be cracked, planned to direct all employees to change their passwords.
There's no evidence yet that subscriber information such as credit card data or home addresses was accessed. There was also no immediate sign that hackers had accessed the paper's publishing system, employee e-mail databases, or sensitive personal information belonging to workers. Wednesday's article cited a Washington Post official as saying investigators believe the intrusion lasted at most a few days.
Large international news organizations have become a common hacking target in recent years. Early this year, the New York Times said China-based attackers persistently intruded on its internal serversfor four months straight. In the process, they obtained password data for all of its reporters and other employees. The Wall Street Journal suffered its own intrusion around the same time. And in February, KrebsonSecurity reporter Brian Krebs uncovered an attack on Washington Post systems, also by suspected hackers from China. The NYT, Washington Post, Associated Press, and other news organizations have also been successfully targeted in other hacks, including a string of them by a group calling itself the Syrian Electronic Army.
Source : Ars Technica
No comments