The Syrian Electronic Army (SEA) has sparked concern by orchestrating yet another hack attack – this time attacking the account records of more than a million Forbes readers and contributors. A total of 1,071,963 users were affected when the database that held their email addresses and correlating passwords was exposed and shared online by the cybercriminals. Three Forbes articles were vandalized and the company’s blog went dead as well.
It’s believed Forbes stored user information in a PHP Portable format. Essentially, this means every password and a random salt, used to slow down attackers, were run through the MD5 algorithm. This algorithm is a popular cryptographic hash function that’s commonly utilized to verify the legitimacy of data. Forbes ran 8,192 duplications of MD5 on the hash and password and then stored the results in their database.
Forbes released the following statement: “The email address for anyone registered with Forbes.com has been exposed. Please be wary of emails that purport to come from Forbes, as the list of email addresses may be used in phishing attacks. We have notified law enforcement. We take this matter very seriously and apologize to the members of our community for this breach”.
Official claims that the Syrian Electronic Army attacked Forbes as they allegedly feel that the site shows flagrant hatred for Syria in their articles.