Washington Post Data Breach Affects More Than 1 Million Job Seekers

User IDs, email addresses compromised in two separate attacks
The Washington Post reported Thursday night that user IDs and email addresses of more than 1 million job seekers on its Jobs site have been compromised.

"We discovered that an unauthorized third party attacked our Jobs website and was able to obtain access to certain user IDs and e-mail addresses," the Post reported in an online message. "No passwords or other personal information was affected." The vulnerability has been identified and shut down, the newspaper said.

The attack occurred in two brief episodes -- once on June 27 and once on June 28, according to the message. The newspaper said it is not sure of the exact number of individuals affected, but roughly 1.27 million user IDs and email passwords might have been compromised.

The Post says that users whose email addresses were accessed might receive some spam, but the newspaper believes that the accounts on the Jobs site remain secure.

The newspaper did not give details on the exact nature of the attack, what the vulnerability was, or how it was shut down. "We have implemented additional measures to prevent against a similar attack in the future, and we are pursuing the matter with law enforcement," the message said. "In addition, we are conducting a thorough audit of the security of the Jobs site."

The incident follows a June 7 cyberattack on Gannett Government Media, publisher of several publications for the military and government readers. The attackers accessed files containing personal subscriber data, including name, user ID, password, email address, and customer numbers.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.