X

Washington Post says job seeker data was breached

More than 1 million user IDs and e-mail addresses are exposed by breach on newspaper jobs site.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
 

About 1.27 million user IDs and e-mail addresses belonging to people looking for employment on The Washington Post Jobs Web site were affected by a data breach last week, the newspaper says.

"We discovered that an unauthorized third party attacked our Jobs website and was able to obtain access to certain user IDs and e-mail addresses. No passwords or other personal information was affected," the company said in a notice on its site. "We are taking this incident very seriously. We quickly identified the vulnerability and shut it down, and are pursuing the matter with law enforcement. We sincerely apologize for this inconvenience."

The attack happened on June 27 and June 28, the statement said, adding that the accounts on the site remain secure.

The company said affected people may get spam and warned them to be wary of unsolicited e-mails that could be phishing attacks designed to steal passwords and other data. For instance, hackers could send e-mails purporting to be from The Washington Post that trick recipients to reveal their passwords or credit card information.