Hackers Steal User Data From Media Firm PR Newswire Web Server
A group of hackers believed to be responsible for stealing source code from Adobe hit press-release distributor PR Newswire earlier this year.Press-release distribution service PR Newswire acknowledged Oct. 16 that hackers had stolen the user names and passwords belonging to the accounts of several thousand corporate clients. The credentials were found on the same Internet server as the stolen source code for a number of Adobe products, linking the hacking group to that attack, as well. While the data appears to have been stolen as early as February 2013, PR Newswire was unaware of the breach before being notified by security researcher and journalist Brian Krebs and Alex Holden, founder and chief information officer of Hold Security, a consulting firm. PR Newswire acknowledged the breach last week and said it was conducting an investigation. "We recently learned that a database, which primarily houses access credentials and business contact information for some of our customers in Europe, the Middle East, Africa and India, was compromised," the company's CEO Ninan Chacko said in a statement posted on Oct. 16. "We are conducting an extensive investigation and have notified appropriate law-enforcement authorities. Based on our preliminary review, we believe that customer payment data were not compromised."
The cyber-criminals behind the theft of the account information have been connected to a number of other high-profile breaches discovered by Krebs and Holden's investigation, including the theft of credit card numbers and source code from Adobe and sensitive identity data from information brokers Lexis-Nexis and Dun & Bradstreet as well as risk-management firm Kroll.