Recent reports have revealed that the press release service PR Newswire has suffered a large scale loss of user account information. The login details and encrypted passwords of a number of PR firms in Europe, the Middle East, and Africa were discovered on a server also used to host data stolen from software company Adobe. It is thought that vulnerabilities identified from the source code of the ColdFusion web application presented an attack vector into the database. Though the theft of the data has only recently been discovered, it is thought to have been stolen in March of this year. PR Newswire has reacted to the development by automatically resetting passwords to minimise the risk of duplicitous use of accounts.
A similar yet unrelated incident occurred when an individual took advantage of comparatively lax security measures at the Swedish press release distributor Cision AB. A man claiming to be an executive of the technology firm Fingerprint Cards issued a fake release announcing a takeover from Samsung, prompting a $200 million jump in the Gothenburg firm’s market value. The trades relating to the fraudulent release were later cancelled, while Cision has vowed to shift to an authenticated online system of submission.