Forbes is the most recent victim of another Syrian Electronic Army attack

:date_medium

On February 14th, the Syrian Electronic Army (SEA) via Twitter reported another attack, this time on Forbes‘ publishing platform, stealing user logins and passwords.

This has been a part of a series of attacks by the SEA on Western media organizations (e.g. BBC, CBS, Financial Times, New York Times, and even The Onion). Forbes recognized the attack in a statement by a spokesperson, “Forbes.com’s publishing platform was compromised. We’ve been making adjustments to the site to protect online privacy and the editorial integrity of our content. We are looking into and monitoring the situation closely. We’re taking this matter very seriously.”

SEA went on to post another tweet with a screenshot of the WordPress-powered Forbes’ list of users, noting 1,071,963 emails and passwords.

Forbes reported the SEA, who allegedly supports the Syrian President Bashar al-Assad, modified three posts, which were taken down by Forbes. This is abnormal behavior compared to previous attacks which spread pro-Assad propaganda messages and information, casting negative light to opposition groups.

Along with the Forbes website, two Twitter accounts were reported to be hacked @ForbesTech and @TheAlexKnapp, their social media editor. SEA credited Alex Knapp with the root source to the stolen information.

This should be a valuable lesson to the general public on how hackers can leverage social media as a vector of an attack, typically through an unassuming email that contains hidden malware. Not only should you be cautious of abnormal emails, but also install strong anti-virus software. More importantly for companies of all sizes, having a strong personal and company security plan is important, to include not using the same password for multiple services.