Hackers Steal User Data From Media Firm PR Newswire Web Server

A group of hackers believed to be responsible for stealing source code from Adobe hit press-release distributor PR Newswire earlier this year.

Press-release distribution service PR Newswire acknowledged Oct. 16 that hackers had stolen the user names and passwords belonging to the accounts of several thousand corporate clients.

The credentials were found on the same Internet server as the stolen source code for a number of Adobe products, linking the hacking group to that attack, as well. While the data appears to have been stolen as early as February 2013, PR Newswire was unaware of the breach before being notified by security researcher and journalist Brian Krebs and Alex Holden, founder and chief information officer of Hold Security, a consulting firm.

PR Newswire acknowledged the breach last week and said it was conducting an investigation.

"We recently learned that a database, which primarily houses access credentials and business contact information for some of our customers in Europe, the Middle East, Africa and India, was compromised," the company's CEO Ninan Chacko said in a statement posted on Oct. 16. "We are conducting an extensive investigation and have notified appropriate law-enforcement authorities. Based on our preliminary review, we believe that customer payment data were not compromised."

The cyber-criminals behind the theft of the account information have been connected to a number of other high-profile breaches discovered by Krebs and Holden's investigation, including the theft of credit card numbers and source code from Adobe and sensitive identity data from information brokers Lexis-Nexis and Dun & Bradstreet as well as risk-management firm Kroll.

PR Newswire is the latest media firm to come under attack by cyber-criminals, hacktivists and nation-state spies. The Syrian Electronic Army, allegedly a hacktivist group but thought to have connections to Syrian President Bashar al-Assad, has hit a number of media outlets and social-media sites, including the Associated Press, Reuters, The New York Times and Twitter. Hackers connected with the Chinese government hacked into The Wall Street Journal and The New York Times in late 2012 in a search for details about sources and critics quoted in those newspapers' articles.

It's uncertain what the cyber-criminal group behind the PR Newswire attack hoped to gain, Hold Security's Holden told eWEEK. Adobe's source code could be fairly easily monetized, as could the credit card data and sensitive information from the information brokers.

"We don't understand their mindset," he said. "In the past, we have seen a lot of gangs that specifically target an industry, like banks. PR Newswire and several other sites have no data that fits that MO."

The access could have been used to send out fake press releases and manipulate financial markets. A single fake tweet from the Associated Press' hacked Twitter account in April, claiming explosions at the White House, led to a brief stock market decline of about 1 percent. Attacking media firms tends to have the biggest payoff for hacktivists, Holden said.

"Media firms are always in the public eye, and for these types of attackers, it gives them credibility and a platform," he said.

Robert Lemos


Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...