More than a million email addresses and user IDs were compromised, after a hack at the Washington Post
A data breach at The Washington Post has exposed the details of around 1.27 million users of its job pages.
In two separate attacks on 27 and 28 June, user IDs and email addresses were exposed, although no passwords or other personal information was affected, the newspaper said.
“We discovered that an unauthorized third party attacked our Jobs website,” said a Washington Post statement.
“We quickly identified the vulnerability and shut it down, and are pursuing the matter with law enforcement.”
The paper also said that affected users may receive spam emails as a result of the intrusion and warned against phishing attacks.
Long list of victims
Numerous high-profile organisations have suffered data breaches or website attacks in recent months, keeping security at the top of the news and business agenda.
Last week the website of India’s National Security Group counter-terror unit was hacked and officers’ email accounts compromised, according to reports.
Ray Bryant, CEO at Idappcom, a data traffic analysis and security firm said: “Website security is no longer the set-it-and-forget-it aspect of IT defences that it used to be in the days of a static site.
“Modern websites need on-going and in-depth security reviews in order to defend against an evolving hacker threat.”
High profile hacktivity
A recent spree by hacktivists LulzSec and Anonymous kept them in the headlines as they stole data from Sony, Nintendo and American law enforcement agencies, as well as disrupting websites belonging to, among others, the CIA, US Senate and the Serious and Organised Crime Agency (SOCA).
Lulzsec appeared to disband last week, as law enforcement agencies looked to be tightening the net on them with arrests here in the UK and FBI raids in America. However, recent reports suggest that the hackers have rejoined their parent hacktivist organisation Anonymous.
Essex teenager Ryan Cleary, 19, is currently on bail awaiting trial for offences under the Computer Misuse Act relating to the attack on SOCA and two music organisations for which LulzSec claimed responsibility