NY Post is hacked by the Syrian Electronic Army on Twitter and Facebook

New York PostThe New York Post is the latest casualty of the notorious Syrian Electronic Army's hacking war against media organisations around the world.

Hackers broke into the Facebook and Twitter account of the NY Post and a number of Twitter accounts belonging to its journalists, posting messages saying "The Syrian Electronic Army Was Here".

Amongst the victims was Mike Puma, who covers the NY Mets baseball team for the newspaper.

New York Post staffer's Twitter account

Meanwhile, the pro-Assad Syrian Electronic Army posted a screenshot of what appears to be the administration panel for the New York Post's SocialFlow account, used to manage social media activities.

NY Post's hacked SocialFlow account

Of course, if a hacker has control of your SocialFlow admin panel they can pretty much do what they like with your Facebook and Twitter account until you can get them evicted.

At about the same time as the New York Post hack was occurring, SocialFlow itself was suffering from security problems at the hands of the Syrian Electronic Army. Their website was defaced with the hacking group's logo, and tweets published from SocialFlow's Twitter account make clear that all was not normal for the social media company:

SocialFlow hacked

Later, both the New York Post and SocialFlow wrestled control of their accounts back from the hackers.

Although the newspaper has not seemingly officially acknowledged that the hack occurred, their social media partners were man enough to admit that one of their staff had their email account breached by hackers who had tricked them into handing over passwords in a phishing attack.

SocialFlow admits hack

In the past, the Syrian Electronic Army has hacked into the Twitter accounts of a wide variety of media organisations including the BBC, ITV, The Telegraph, The Financial Times, The Guardian and Thomson Reuters.

The problem has become so big that back in April, Twitter's security team warned potential targets about the hacking threat.

Chances are that the NY Post and SocialFlow fell victim to the Syrian Electronic Army via the group's normal method of attack - emailing staff at one media organisation with a forged “sent” address in the email header, linking to what claims to be a breaking news story that the recipient should check out. Clicking on the link then takes users to a phishing site where passwords are stolen.

The lesson is simple - be very careful about links you click on in unsolicited messages, and always think twice about where you are entering your passwords.

Tags: , , , ,

Subscribe to the free GCHQ newsletter

, , , ,

Special offers & deals

  • Sticky Password Premium: Lifetime Subscription

    Sticky Password Premium: Lifetime Subscription

    Sticky Password protects your online identity by providing strong encrypted passwords for all your accounts, managed by a single master password known by you, and only you. Available for Mac, Windows, iOS, and Android. For a limited time, it's 80% off in our store.
  • IT Security & White Hat Hacking: CompTIA & Cisco Certifications

    IT Security & White Hat Hacking: CompTIA & Cisco Certifications

    Whether you're a beginner or mid-level professional, you'll want to take this comprehensive online course, to help you attain two industry-recognised certifications. You'll master mobile hacking, VPN technologies, penetration testing, and much more--giving you the knowledge you need to succeed in any IT workplace.

More deals...

Leave a reply

1 Comment on "NY Post is hacked by the Syrian Electronic Army on Twitter and Facebook"

Notify of

Sort by:   newest | oldest | most voted
August 14, 2013 7:23 pm

User awareness user awareness user awareness!!!!!!!!!!!!!!!!!!!!!!!