The Washington Post Jobs site has joined a growing list of websites being hit with data security breaches. In an email to users last week the Washington Post verified that an “unauthorized third party attacked” the Jobs website once on June 27 and once on June 28. While user IDs and e-mail addresses were compromised, Washington Post assured customers that passwords and other sensitive data were not a part of the breach. 1.27 million accounts were compromised.
The publication noted that no other parts of washingtonpost.com or the Washington Post system were affected. Users are urged to be cautious about any emails they receive, as it’s expected the user data will be used for spear phishing and data mining campaigns.Users were also cautioned to be aware of additional SPAM, and offered these tips for recognizing it:
- You do not recognize the sender.
- The message is unexpected or unsolicited.
- The subject line and/or e-mail contain misspellings or grammatical errors.
- The message is alarmist or has a strong sense of urgency.
- The message includes or references an altered, misspelled, suspicious, or bogus web address. (You should always verify web addresses before clicking on a link.)
- The message requests money or rescue.
- The message solicits personal information (e.g., password or bank account number).
The Washington Post established an online Q and A and directed individuals to the Stay Safe Online site sponsored by the National Cyber Security Alliance. The web site offers online safety tips and Internet awareness on topics ranging from cyberbullying for parents and kids to business tips on computer safety.
The Washington Post Jobs breach follows a string of highly publicized breaches of government agencies, major companies and small businesses.