AP Stylebook Breach May Have Hit Hundreds of Journalists

Written by

The Associated Press (AP) has warned that users of a popular writing style guide have been hit by phishing attacks after their personal information was compromised in a data breach.

The Associated Press Stylebook (APS) is used by journalists and editors to ensure their copy conforms with official AP writing guidelines. However, threat actors manage to obtain subscribers’ personal information after targeting a legacy third-party site.  

“The personal information was stored in a database that was accessible on an old APS website that was no longer in use but still available online and maintained on our behalf by an outside service provider, Stylebooks.com,” read a breach notification.

“As a result of the security incident described below, personal information of APS customers stored on the old website was unlawfully accessed and may have been acquired by an unauthorized third party.”

The incident was only discovered after victims alerted Stylebooks.com that they’d started receiving phishing emails directing them to a fake APS site which requested credit card details.

It was assessed that the threat actor had accessed the old website between July 16 and July 22 2023.

The variety of information accessed appears to be significant.

“Our investigation determined that the personal information affected included your name, email address, street address, city, state, zip code, phone number, and User ID. AP Stylebook had also requested Tax Exempt IDs, where applicable, when customers made a purchase, and our records show that you submitted a 9- digit number,” the notification continued.

“Because we cannot rule out that the 9-digit number you provided in response to that request is a Social Security Number or a Taxpayer ID, we have decided to proactively let you know that your Social Security Number or Taxpayer ID may have been accessed and acquired by third parties as a result of this incident.”

AP has alerted all victims about the phishing emails and is offering 24 months of complimentary credit monitoring and identity restoration services. It is also forcing all APS customers to change their passwords before accessing the active AP Stylebook website.

Although only 224 individuals appear to have been impacted by this incident, journalists in particular are highly sought after targets for cyber-espionage.

Editorial image credit: NYC Russ / Shutterstock.com

What’s hot on Infosecurity Magazine?