Syrian Electronic Army hits Forbes site; claims to have taken user accounts

The hacker group known as the Syrian Electronic Army, which has been targeting Microsoft for the past several weeks, has now turned its attention to other online outlets. Today, the SEA went after the Forbes website, but this time, instead of just defacing pages, it claims to have taken 1 million user names and passwords from the site.

The official SEA Twitter account posted up a screenshot of what appears to be the editorial content backend of Forbes.com. Re/code reports that the SEA was able to write up at least one quick news post on the site before it was removed.

Another Twitter post shows a screenshot which appears to indicate the SEA got access to over 1 million user accounts for Forbes.com. At first, they claimed they were going to sell it but later the group said it will publish what they have on an Internet site for free.

A Forbes spokesperson told Re/code, ""Forbes.com’s publishing platform was compromised. We’ve been making adjustments to the site to protect online privacy and the editorial integrity of our content. We are looking into and monitoring the situation closely. We’re taking this matter very seriously." The statement did not mention anything about user accounts being stolen.

Source: SEA on Twitter and Re/code

Report a problem with article
Previous Story

HTC: 'We're working with Microsoft on the Blue update on Windows Phone 8X'

Next Story

Game Boy Advance games to be available for Wii U in April

11 Comments

Commenting is disabled on this article.

These guys demonstrate just how pathetic security is on many, if not most, web sites. Apparently Forbes does not do adequate, if any, penetration testing on their servers. This makes the folks running Forbes look cheap, and pointy haired. Penetration testing needs to be ongoing, not annual.

I wouldn't say pathetic. A big company like Forbes would have medium to high server security. SEA just know too much about how to compromise such systems (things even developers/system engineers wouldn't have thought about). I just don't understand how they could log into the CMS (as admin) in the first place. Surely Forbes would require a VPN.

actually these guys mostly use phishing attacks. It doesn't matter how secure your network is, the human remains the weakest link.

Albert said,
totally agree. and neowin seems to have a fetish in reporting their achievement.

Fetish? This is news, and technology related. Say a large site you used was hacked by them and all accounts with plaintext passwords leaked, you're saying you'd prefer to not know right?

Albert said,
totally agree. and neowin seems to have a fetish in reporting their achievement.

I would rather hear it from Neowin than not at all.