The saying “don’t believe everything you read” certainly applied to a recent hacking incident involving trusted news source Reuters. An article on Reuters described the attack, which targeted the company’s blog network. The series of posts presented false information on the struggle over Syria – an armed uprising against the country’s existing government.One of the fraudulent blog posts detailed a false interview with Riad al-Asaad, the head of the Free Syrian Army, which is one of the primary sources of opposition to the Syrian government. The post claimed that al-Asaad planned to pull his armed forces away from the province of Aleppo. However, both the Free Syrian Army and Reuters later indicated the interview had never happened.
The company’s blogging platform was taken down while it worked on addressing the problem, but it wasn’t the last security breach the news site would encounter. According to separate Reuters article, the company’s Twitter account was hacked approximately 48 hours later. The attackers posted 22 false tweets related to the Syrian struggle, reporting false information regarding numbers lost by rebel forces.
Reuters: Security lessons learned
Although it isn’t clear who is behind the Reuters hacking, the incident did provide a lesson about security. According to a recent Wall Street Journal blog post, the hacker was allowed to take control of the blogging network due to Reuters using an older version of WordPress. Despite WordPress’s security update notification and automatic update feature, the attacker was still able to break into the news source’s platform.
“If organizations ignore those notifications and stay on an outdated version, then they put themselves at risk of these sorts of breaches,” Mark Jaquith, one of the lead developers of the WordPress core, told CIO Journal.
The big lesson everyone can learn from Reuters is that protecting data and preventing security breaches isn’t always a complicated endeavor. Sometimes, it’s just a matter of clicking on that “update” button.
Have you ever been targeted by a hacker? What security measures did you have in place to prevent cyber attacks?