The Syrian Electronic Army wins again as 1 million Forbes accounts breached
The Syrian Electronic Army (SEA) has struck again, defacing the Forbes news website and publishing the names, email addresses and encrypted passwords of over a million of its users.
The group claimed responsibility for the attack on Friday, showing off screenshots taken from the site’s Wordpress publishing system and suggesting that the stolen user credentials for 1,057,819 accounts would be put up for sale. Instead, the SEA later dumped the cache as a file on a third-party site.
Forbes quickly admitted the breach, warning on Facebook that “the email address for anyone registered with Forbes.com has been exposed. Please be wary of emails that purport to come from Forbes, as the list of email addresses may be used in phishing attacks.” “The passwords were encrypted, but as a precaution, we will strongly encourage Forbes.com readers to change their passwords on our system once we make sign-on available again,” read the notice.