Hackers Slurp over a million user accounts from Washington Post
The Washington Post website has been hit with a double security breach. Hackers have made off with around 1.3 million user IDs and email address from the “Jobs” section of the site. The attackers were able to gain access on two separate occasions: on the 27th and 28th of June.
To their credit, the Washington Post appears to have acted quickly to plug the gap and set up an appropriate response. It appears that user passwords and other personal information remains safe. The Post is currently investigating the incident, has taken steps to prevent against similar attacks, and is “pursuing the matter with law enforcement”.
It appears that the worst that users can expect is an increase in the amount of unsolicited SPAM emails, as user accounts on the Jobs website remain secure.
How Did This Happen?
The Washington Post did not specify how the attack occurred, but it is quite possibly SQL Injection, or some other kind of database attack, as it appears that a database was stolen. In an SQL Injection Attack, a hacker injects his own SQL commands into a web server to read from database tables that are normally restricted. It is one of the most popular types of attacks against websites and can be used to steal entire databases.
How was the Incident Detected?