The Associated Press has issued a warning regarding a data breach that has affected customers of the AP Stylebook. The breach occurred when hackers used stolen data to carry out targeted phishing attacks.
The AP Stylebook is a widely used guide that offers assistance with grammar, punctuation, and writing style for journalists, magazines, and newsrooms across the globe. The breach involved an old third-party-managed AP Stylebook site which was no longer in use. The hackers gained unauthorized access to the site between July 16 and July 22, 2023. As a result, the personal data of 224 customers was stolen.
The stolen information comprises the names, email addresses, street addresses, cities, states, zip codes, phone numbers, and User IDs of the affected customers. Additionally, any customers who had entered tax-exempt IDs such as Social Security Numbers or Employer Identification Numbers had those IDs stolen as well.
The Associated Press was made aware of the potential data breach on July 20, 2023, after several AP Stylebook customers reported receiving phishing emails. These emails urged customers to update their credit card information. In response, the AP promptly shut down the old site and took steps to prevent further phishing attacks.
Customers of the AP Stylebook were notified about the phishing attacks at the end of July. They were warned that the emails originated from ‘[email protected][.]id’ and had subjects similar to “Regarding AP Stylebook Order no. 07/20/2023 06:48:20 am.”
As a precautionary measure, the Associated Press has mandated that all AP Stylebook customers reset their passwords upon their next login.
While this data breach may not have affected a large number of customers, it is important to recognize that login credentials for journalists and media companies are highly coveted by cybercriminals. Unauthorized access to media networks can lead to various types of attacks, including ransomware attacks, data theft, and cyber espionage. Previous incidents involving ransomware and cyberespionage have targeted media outlets such as News Corp, the Philadelphia Inquirer, and the German newspaper Heilbronn Stimme.
The Associated Press has been contacted for further information regarding the phishing attack and any updates will be provided accordingly.