Hackers attack Gannett US govt media portals and download user data

According to the Military Times newswire, the targeted company, Gannett Government Media Corporation - which operates several web sites including the Armed Forces Journal, Defense News, Federal News and Military Times - notified its customers earlier this week.

In its email, Gannett said that its family of websites suffered an online attack that resulted in some users being unable to access parts or all of the websites.

"We also discovered that the attacker gained unauthorised access to files containing information of some of our users. The information in those files included first and last name, userID, password, email address, the internal number we assigned to the account, and, if provided, ZIP code, duty status, paygrade, and branch of service", said the email notification.

"No financial information was compromised. We will be sending individual notices by email with more information to all users whose information was affected", the advisory added.

"We encourage you to take this opportunity to reset or strengthen your passwords on your Gannett Government Media Corporation or Military Times, Defense News or Federal Times accounts, as well as your other online accounts, particularly those that use the same email address used for your Gannett Government Media Corporation account as a user name or account identifier", the email said.

The Softpedia newswire, meanwhile, noted that, since the readers of these websites are mostly US military personnel, defence contractor employees, and federal government officials, the data breach can have very serious consequences.

"Attackers can use the stolen information to craft believable emails that distribute information stealing malware, or search for sensitive data themselves by abusing the already exposed passwords", says the newswire.

The incident, adds the newswire, is just the latest in a string of similar security breaches that have resulted in the exposure of login credentials.

"Since this breach occurred at the beginning of the month, it's unlikely that it is related to LulzSec's AntiSec campaign which calls for attacks against government and military-related websites. No hacking group has yet taken credit publicly for the attack", the newswire notes.

What’s Hot on Infosecurity Magazine?