Earlier this year, hackers broke into the networks of marketing and press release distribution service PR Newswire, making off with usernames and encrypted passwords that customers use to access the company’s service and upload news releases, KrebsOnSecurity has learned.
The stolen data was found on the same Internet servers that housed huge troves of source code recently stolen from Adobe Systems. Inc., suggesting the same attackers may have been responsible for both breaches. Date and time stamps on the stolen files indicate that breach at PR Newswire occurred on or after March 8, 2013.
Presented with a copy of the purloined data, PR Newswire confirmed ownership of the information. The company said that later today it will begin the process of alerting affected customers and asking them to change their account passwords. The company says its investigation is ongoing, but that the data appears to be related to a subset of its customers from Europe, the Middle East, Africa and India.
In a statement being sent to customers today, PR Newswire said it is “conducting an extensive investigation and have notified appropriate law enforcement authorities. Based on our preliminary review, we believe customer payment data were not compromised.”
As with the investigation into the Adobe breach, this author had significant help from Alex Holden, chief information security officer at Hold Security LLC. While there are no indications that the attackers did anything malicious with the PR Newswire data, Holden said the bad guys in this case could have used it to wreak financial havoc. The company’s customer list reads like a Who’s Who of PR firms and Fortune 1000 firms.