RSS Alerts

Share

More services

Related Links

  • Softpedia
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

Top 5 Stories

News

Hackers attack Gannett US govt media portals and download user data

01 July 2011

Hackers are reported to have gained unauthorised access to a network of US defence industry news portals and downloaded sensitive user information that could be used in spear phishing and other types of targeted attacks.

According to the Military Times newswire, the targeted company, Gannett Government Media Corporation - which operates several web sites including the Armed Forces Journal, Defense News, Federal News and Military Times - notified its customers earlier this week.

In its email, Gannett said that its family of websites suffered an online attack that resulted in some users being unable to access parts or all of the websites.

"We also discovered that the attacker gained unauthorised access to files containing information of some of our users. The information in those files included first and last name, userID, password, email address, the internal number we assigned to the account, and, if provided, ZIP code, duty status, paygrade, and branch of service", said the email notification.

"No financial information was compromised. We will be sending individual notices by email with more information to all users whose information was affected", the advisory added.

"We encourage you to take this opportunity to reset or strengthen your passwords on your Gannett Government Media Corporation or Military Times, Defense News or Federal Times accounts, as well as your other online accounts, particularly those that use the same email address used for your Gannett Government Media Corporation account as a user name or account identifier", the email said.

The Softpedia newswire, meanwhile, noted that, since the readers of these websites are mostly US military personnel, defence contractor employees, and federal government officials, the data breach can have very serious consequences.

"Attackers can use the stolen information to craft believable emails that distribute information stealing malware, or search for sensitive data themselves by abusing the already exposed passwords", says the newswire.

The incident, adds the newswire, is just the latest in a string of similar security breaches that have resulted in the exposure of login credentials.

"Since this breach occurred at the beginning of the month, it's unlikely that it is related to LulzSec's AntiSec campaign which calls for attacks against government and military-related websites. No hacking group has yet taken credit publicly for the attack", the newswire notes.

This article is featured in:
Application Security • Compliance and Policy  • Data Loss  • Malware and Hardware Security • Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012