Syrian Electronic Army hacks into Forbes.com – USA TODAY
The Syrian Electronic Army, the cyber wing of Bashar al-Assad’s army, said it hacked Forbes.com website Friday, claiming it compromised user data, defaced webpages and posted a fake story to the site.
A Forbes spokesperson Sunday confirmed that the site had been hacked and that some user data may have been compromised.
In a security message on Forbes.com, a message posted over the weekend from Forbes staff said, “The email address for anyone registered with Forbes.com may have been exposed.” The site has temporarily disabled user logins.
The SEA announced the hacking on Twitter on Valentine’s Day, posting a story titled “Hacked by the Syrian Electronic Army” under cybersecurity correspondent Andy Greenberg’s byline.
The hacking group, whose members are anonymous, claimed in an email sent to and published by the International Business Times that they targeted Forbes because the financial publication’s “hate for Syria is very clear and flagrant in their articles.”
On Friday, the Twitter account of the SEA had this post: “#Forbes users table (1,071,963 user-email-password) was dumped successfully, Anyone want to buy it?” https://twitter.com/Official_SEA16. And in a later tweet, the SEA warned that it was planning to publish a database of all Forbes users as soon as it could find “a secure host” on which to upload it.
The hackers also defaced a number of other pages on the site, and they hijacked the Twitter accounts @ForbesTech, @TheAlexKnapp and @Samsharf, according to published reports by IBT, tech news website CNET and Romensko, a media news website.
Alex Knapp is the social media manager for the Forbes site, and two published reports claimed the site had been accessed through his Twitter account. Samantha Sharf is a personal finance/markets reporter for the magazine.
The Forbes security message also warns users to “be wary of emails that purport to come from Forbes, as the list of email addresses may be used in phishing attacks.” Phishing attacks are mounted, using fake emails that appear to be from legitimate companies or institutions and asking for personal information such as passwords and credit card information.
It went to “strongly encourage” users to change their passwords once it makes sign-on available again.
“We have notified law enforcement. We take this matter very seriously and apologize to the members of our community for this breach.”
Mia Carbonell, a Forbes spokesperson, said in an email Sunday: “We’ve been making adjustments to the site to protect online privacy and the editorial integrity of our content.”
She added, “We’re looking into and monitoring the situation closely” and that warnings to users about what happened were also posted on Forbes‘ Facebook and Twitter accounts.