Hackers have plundered more than 1.27 million job-seekers’ accounts at the Washington Post, the publication has confessed.
Attacks by an “unauthorized third party” were launched on the online Jobs section of the newspaper - once on June 27th and once again on June 28th. The hackers gained access to user IDs and email addresses, but passwords and other sensitive data remained untouched, the paper claimed.
“We are taking this incident very seriously,” a spokesman for the Post said. “We quickly identified the vulnerability and shut it down, and are pursuing the matter with law enforcement. We sincerely apologize for this inconvenience.”
The Washington Post is just the latest victim of a data breach; numerous government and business agencies have experienced attacks by hacker groups including Anonymous and the now-defunct Lulz Security – both known for compromising the security of well-known organisations as well as the publication of personal information. No such group has yet claimed responsibility for this attack, which seems somewhat less likely to have been instigated just for the 'lulz'
The Washington Post has issued a warning to its users, notifying them of the possibility of receiving malware-affected spam and said measures have since been taken to scan for potential malicious activity within the employment site.