A security breach at PR Newswire has put account information and passwords of several users at risk, according to Krebsonsecurity.com
The data was found on a hacker’s server, disguised as an image file. The servers also housed stolen source code data from Adobe. The breach happened back in the spring, but security experts can’t pinpoint whether it took place in March or April.
Alex Holden of Hold Security said the breach likely extends “further than previously thought.”
A news release from Hold Security states
While we are presently unaware of any deviant abuse of the stolen data, this breach casts a number of questions about the intentions of the hackers. Given the financial motivation of this hackers’ group, PR Newswire is an unlikely target and it might have been a target of opportunity.
On the other hand, considering criticality of major announcements done through PR Newswire, it is possible that savvy malicious individuals might use unannounced press releases or even manipulate major announcements to gain a competitive financial edge on the stock market.
An update to Hold’s release reports that that PR Newswire “was not a random target,” and “it is possible that the hackers had access to PR Newswire infrastructure longer than previously thought.”
[RELATED: Ragan's new distance-learning site houses the most comprehensive video training library for corporate communicators.]
Krebs reports that the stolen data is limited to customers in Europe, Middle East, Africa and India.
PR Newswire stated it was “conducting an extensive investigation and have notified appropriate law enforcement authorities. Based on our preliminary review, we believe customer payment data were not compromised.”