Someone has attacked the jobs section of the Washington Post's official site. As a result, the intruders managed to find over 1.2 million user IDs and e-mail addresses. The website in question allows people to search job listings and post resumes.
A spokesperson for Washington Post claimed that the worst its users would have to face is spam emails, while stressing that no passwords or other personal information were exposed, ensuring people that users’ accounts at their employment site remain secure.
They added that such spam should be simply ignored. Of course, they warned users to avoid opening suspicious or unsolicited e-mail. The only thing Washington Post forgot to say is how its security was breached by the hackers.
In fact, that’s the downside of an operation which clearly harvests the personal info of its own readers, since the paper demanded that Internet users provide some personal information before registering on the website. Although online users assumed that the provided information would be kept safe, it’s clear that in this case it definitely wasn’t.
Meanwhile, the attack hasn’t been announced by any of the expected hackers, which means that it wasn’t carried out by hackers involved into AntiSec campaign, like Anonymous, – these ones are only breaking websites to make their attacks public. So, the website was most likely brought down by those who were looking for information which could be used in spam, or fraud, or both.
Now the Washington Post readers are questioning how secure the rest of the website is. In response, the paper said it was pursuing the issue with law enforcement, while implementing new security measures and auditing the website’s security. The representatives of the Washington Post assured its readers they were taking that incident very seriously.
The paper also brought sincere apologies for the inconvenience, explaining that the attack on the website occurred on June 27 and 28, in two brief episodes. However, it took some time for the paper to notify its readers by e-mail, which was explained by the Post by investigating the attack, retesting their security systems and discussing the issue with law enforcement. The paper said they wanted to make sure they had had a complete understanding as to what had happened before providing their customers with relevant information.