Another day, another report of a cyberattack against a media company. Except in this case there were two. Social media giant Twitter and the Washington Post were the latest companies to reveal they, too, were victims of cyberattacks. But the Post is alone in directly stating that the attack was likely the work of Chinese hackers, just like the New York Times and Wall Street Journal did earlier in the week. Bloomberg also said it had suffered an attack but insisted its system wasn’t breached and Reuters said it was hacked twice in August, although no details were released on the source.
The Post attack was first discovered in 2011 even though the hackers likely first successfully hacked the paper’s systems as early as 2008. Sources say sensitive passwords were probably compromised, likely giving hackers access to the paper’s network before they were cut off. Several of the paper’s journalists are none too happy that the company kept this quiet, seemingly only revealing the news to its own employees after a blog run by a former Post staffer broke the news. The blog—Krebs on Security—claims National Security Agency and Defense Department experts took one of the servers for analysis, but the Post wasn’t able to confirm whether that was true. (Disclosure: Slate and the Washington Post are owned by the same parent company.)
For its part, Twitter revealed in a blog post that it has detected an effort to gain access to its data earlier in the week. Even though the company claims it was “able to shut it down in process moments later,” the hackers may have still stolen some data—including names, email addresses, and encrypted passwords—from around 250,000 users. The company highlighted this amounted to “only a very small percentage of our users.” The hackers likely gained access by taking advantage of compromises in an employee’s computer created by Java.
If there’s a chance you still haven’t disabled Java in your browser, read the handy guide by Slate’s Will Oremus—even Twitter recommends it.
