Employees at The Washington Post were asked to change their usernames and passwords after it was confirmed the newspaper’s servers had been breached by hackers. The paper did not confirm the extent of the damage, although the all company passwords are reportedly stored in encrypted form. The public was alerted to the intrusion by the Post itself, which posted a piece about the incident on its website.
Hackers broke into our servers https://t.co/GDex5GF5TQ
— Washington Post (@washingtonpost) December 18, 2013
According to a spokesman for the newspaper, Kris Coratti, an investigation is currently under way. It was also reported that Mandiant, the security company who discovered the breach, believes the hack took place within the past few days at most. This is the third time in the past three years their system has been hacked, the Post reported.
Additionally, it is believed that any data identifying the newspaper’s subscribers has not been compromised. This includes credit card information and home addresses, the Post said. The email and publishing systems are also believed to be unaffected.
Mandiant reportedly suspects Chinese hackers may be responsible for the breach, noting that strong evidence pointed to hackers in the region during an attack in 2011. Several other news organizations, including The New York Times and Wall Street Journal, as well as human rights groups and defense contractors, have also reportedly suffered cyberattacks originating from China.
The Post also mentioned that in August their systems were compromised by the Syrian Electronic Army, who are supporters of the Bashar Assad regime. “That information could have been used by an outside source to gain unauthorized access to the company’s computer network,” the Post said. Throughout 2013, SEA launched successful attacks against many news organizations, including the Associated Press, Vice, and the Daily Dot.