Popular financial magazine Forbes is warning people who have registered on its website to be on the lookout for phishing scams after the site was hacked by the Syrian Electronic Army. The notorious hacker group compromised the website last week and Forbes admitted user data was accessed and likely stolen. The email addresses of everyone who is registered on the site were exposed. The site was also defaced and had a fake story posted on it. According to published reports, the group bragged about its work on Twitter:
The Twitter account of the SEA had this post: “#Forbes users table (1,071,963 user-email-password) was dumped successfully, Anyone want to buy it?” https://twitter.com/Official_SEA16. And in a later tweet, the SEA warned that it was planning to publish a database of all Forbes users as soon as it could find “a secure host” on which to upload it.
The group also hacked 3 of Forbes’ Twitter accounts. The company issued an apology to its users and said it was making changes to prevent such an incident from happening again. In the meantime, if you’re a registered member of Forbes.com, change your password right away.
SEA has been making headlines for some time now. They’ve hacked the websites and Twitter accounts of many prominent organizations including the Associated Press and New York Times. They support the Syrian government and frequently target human rights organizations and western news outlets that have been sympathetic to the anti-government movement there. It’s unclear how much, if any, a connection the government itself has to the group.