On February 14, 2014 Forbes announced a statement on their Facebook page that their publishing network had been breached, the post on Facebook read as follows:
Security message: Forbes.com was targeted in a digital attack and our publishing platform was compromised. Users’ email addresses may have been exposed. The passwords were encrypted, but as a precaution, we strongly encourage Forbes readers and contributors to change their passwords on our system, and encourage them to change them on other websites if they use the same password elsewhere. We have notified law enforcement. We take this matter very seriously and apologize to the members of our community for this breach.
The hackers identified themselves as (SEA) Syrian Electronic Army and initially posted on their claim of the attack with screenshots of their presence on one of Forbes’ WordPress systems as proof that they had breached Forbes’ network. The cyber thieves later posted their intent to sell the compromised database records of more than 1,000,000 Forbes user accounts, only to come back with another post intimating the previous was only a joke and that their true intent was to publish the database as soon as they found a secure host to upload the database on. In short order the SEA hackers did just as they said they would and completed the data dump providing links for anyone with (nefarious) intent to access. Below is a breakdown of many of the types of email domains of the affected Forbes clients:
- 25,050 Aol.com
- 407,787 Gmail.com
- 844 (.GOV)
- 14, 572 (.EDU)
- 91,464 Hotmail.com
- 3,460 Mac.com
- 185,271 Yahoo.com
Upon further inspection of the data dump it was determined that the Forbes passwords were salted and hashed, which makes it much more difficult for hackers to recover individuals passwords, it could be done but would require a great deal of time and/or machinery to accomplish simply for the purposes of phishing.
For Forbes users the best advice that can be given is to change your username and password using 14 random letters both upper and lower case mixed in with symbols and numbers and not to reuse the username or password for other sites. Do not click on links in any emails you might receive from Forbes or other entities, no matter how official they may seem. Instead if you receive an email with a link go directly to the official website source to inquire as to its validity. Cyber data dumps of this nature are typically involved in phishing scams that follow the dump where the cyber criminals attempt to extract more sensitive data from the victims of the email account breach. Practice safe internet security and do not reuse or share your identity information.
Additional Resources About This Breach:
https://haveibeenpwned.com/PwnedWebsites#FFShrine
http://www.datalossdb.org/incident_highlights/61-forbes-data-breach-impacts-over-1-millions-accounts