Associated Press warns that AP Stylebook data breach led to phishing attack


The Associated Press is warning of a data breach impacting AP Stylebook customers where the attackers used the stolen data to conduct targeted phishing attacks.

The AP Stylebook is a commonly used guide on grammar, punctuation, and writing style for journalists, magazines, and newsrooms worldwide.

This week, the Associated press warns that an old third-party-managed AP Stylebook site that was no longer in use was hacked between July 16 and July 22, 2023, allowing the data for 224 customers to be stolen.

The stolen information includes a customer’s name, email address, street address, city, state, zip code, phone number, and User ID. For customers who entered tax-exempt IDs, such as a Social Security Number or Employer Identification Number, those IDs were stolen as well.

The AP says they first learned of the possible data breach on July 20, 2023, after AP Stylebook customers reported receiving phishing emails stating they needed to update their credit card information.

After learning of the phishing attack, the AP took the old site and phishing offline to prevent further attacks.

At the end of July, the company began alerting AP Stylebook customers of the phishing attacks, warning that the emails came from ‘support@getscore.my[.]id’ with a subject similar to “Regarding AP Stylebook Order no. 07/20/2023 06:48:20 am.” 

Tweet

The Associated Press also requires all AP Stylebook customers to reset their passwords on the next login.

While this was not a significant data breach, with only 224 customers impacted, the login credentials for journalists and media companies are highly sought after by cybercriminals.

Gaining access to the network of a media company could lead to a wide variety of attacks, including extortion and ransomware attacks, data theft, and cyber espionage.

In the past, local and global media outlets suffered ransomware and cyberespionage attacks, including News Corp, the Philadelphia Inquirer, and German newspaper Heilbronn Stimme.

BleepingComputer contacted the Associated Press to learn more about the phishing attack and will update this article if we learn more.





Source link