Recent reports have revealed that the press release service PR Newswire has suffered a large-scale loss of user account information. The login details and encrypted passwords of a number of PR firms in Europe, the Middle East, and Africa were discovered on a server also used to host data stolen from software company Adobe. It is thought that vulnerabilities identified from the source code of the ColdFusion web application presented an attack vector into the database. Though the theft has only recently been discovered, the data is thought to have been stolen in March of this year. PR Newswire has reacted to the development by automatically resetting passwords to minimise the risk of fraudulent use of accounts.
A similar yet unrelated incident occurred when an individual took advantage of comparatively lax security measures at the Swedish press release distributor Cision AB. A man claiming to be an executive of the technology firm Fingerprint Cards issued a fake release announcing a takeover by Samsung, prompting a $200 million jump in the Gothenburg firm’s market value. The trades relating to the fraudulent release were later cancelled, while Cision has vowed to shift to an authenticated online system of submission.
The prospect of subsequent data breaches as a result of the theft of source code from Adobe was considered in our coverage of the initial breach in the last edition of the Monitor. Had the responsible group been able to circumvent the password encryption, they might have been able to upload fraudulent press releases and cause significant reputational damage to the firms involved. Though that incident appears to have been orchestrated by a Russian criminal group, the takeover of official media accounts and social media platforms has been an emerging vector for hacktivist groups in recent months. A particularly notable incident occurred in April when the Syrian Electronic Army (SEA) were able to breach the Twitter account of the Associated Press. The subsequent announcement of an explosion at the White House that had injured President Obama caused a temporary 140-point dip in the Dow Jones Industrial Average. This period has also seen the SEA launch further spear-phishing operations against the Independent newspaper, while members of the group were successful in efforts to take a number of websites relating to the government of Qatar offline.
The likely continued prevalence of spear-phishing and larger-scale attempts to obtain account details through fraud means that public-facing firms with weaker security measures continue to face the threat of reputational damage and financial losses as a result of such activity. Accordingly, these latest incidents emphasise the importance of good hygiene surrounding all media operations – especially as comparatively simple measures such as raising awareness of the threat and routinely changing passwords can be used to reduce the possibility of an attack.