Forbes Users Hit By Syrian Electronic Army Attack

Prolific hacktivists the Syrian Electronic Army (SEA) have struck another major US institution, carrying out an attack which stole the details of over a million customers of Forbes.com before later revealing them online.

The US business site confirmed on its Facebook and Twitter accounts that it had been the target of a ‘digital attack’ and that its website had been compromised, but did not confirm the scale of the attack or that the details had been published online.

The SEA posted various messages to its Twitter account claiming responsibility for the attack, sharing a screenshot of Forbes online publishing system. The group claimed that it had and accessed a Forbes employee’s accounts in order to do so, similar to how it managed to hack Microsoft’s Office blog recently.

Forbes’ statement says that the company has notified the appropriate law enforcement agencies, and also urges users to change their passwords. Although the passwords were encrypted and not stored in plain text, the details may still be accessible to third parties with advanced decryption tools, meaning users should remain on their guard.

Latest attack

In an email , the SEA stated that they targeted Forbes because the financial publication’s “hate for Syria is very clear and flagrant in their articles.”

The attack also targeted specific news content, altering the text of several stories that had already been published to contain pro-Syrian messages, forcing Forbes to remove them. Several Forbes authors had pro-SEA messages put into their personal blogs, with some even having their Twitter accounts hacked to read “Syrian Electronic Army was here”, before control was regained over the weekend. The group also published its own one-sentence article saying “Hacked by the Syrian Electronic Army”, a tactic it has used in previous attacks.

The Forbes blog page also appears to have been hit by the attack, and is still offline. The company’s blog is an important aspect of the site’s content; publishing input from a wide range of contributors.

The attack marks the latest in a series of attacks by the SEA on high-profile US media organisations. Last month, CNN was targeted by the group, with its blogs, Twitter and Facebook accounts all hacked by the SEA, which was apparently angered by CNN broadcasting reports containing what the SEA called ‘unverifiable information’ on the current situation inside Syria. The group also recently attacked eBay and PayPal, where users were greeted by anti-US government messages after an attack on the DNS infrastructure serving some UK customers in the UK.

What do you know about Internet security? Find out with our quiz!