New York Post was hacked from the inside, employee fired after offensive articles posted online

The New York Post made headlines today when it published a series of incendiary and offensive articles online.

Depending on your political viewpoint, you may well say “What’s new?”.

But on this occasion the Murdoch-owned tabloid’s website was particularly unpleasant – calling for the assassination of political figures like Joe Biden and Alexandria Ocasio-Cortez, and spreading racial slurs.

And, of course, in a blink of an eye the offending stories were being promoted by the newspaper’s Twitter account.

Please note – I’m choosing not to republish some of the most vile things which were posted under the NY Post‘s banner.

A Post spokesperson said it was investigating the cause of the incident, and had “taken down the vile and reprehensible content posted by the hackers.”

Sign up to our newsletter
Security news, advice, and tips.

So, what had happened? Had the New York Post gone barmy? Had they been hacked?

It transpires that the newspaper had not fallen victim to external hackers as had first been suspected, but instead a rogue employee who had access to the website’s content management system (CMS) was responsible.

“The New York Post’s investigation indicates that the unauthorized conduct was committed by an employee, and the employee has been terminated.”

It’s unclear from what has been shared so far whether the rogue employee had legitimate access to the nypost.com website’s backend, which runs on the WordPress VIP platform, or if they exploited someone else’s login credentials.

Once again, a company has been very publicly exploited by a malicious member of their own staff. Never underestimate the risks your business can face from a rogue insider. Hackers have to break their way into your organisation, your employees have already been granted access to your internal systems and data.

Readers with long memories may recall that in 2013, the Facebook and Twitter accounts of the New York Post were hijacked by the Syrian Electronic Army.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.


Source link