Modernizing Authentication — What It Takes to Transform Secure Access
Soon after the Syrian Electronic Army breached Forbes' Web site on February 14, 2014, the hackers published more than 1 million user names, e-mail addresses and encrypted passwords online (h/t Softpedia).
In a brief statement on its Web site, Forbes announced, "The e-mail address for anyone registered with Forbes.com has been exposed. Please be wary of e-mails that purport to come from Forbes, as the list of e-mail addresses may be used in phishing attacks. The passwords were encrypted, but as a precaution, we will strongly encourage Forbes.com readers to change their passwords on our system once we make sign-on available again."
Forbes Media chief product officer Lewis DVorkin later claimed in an article on the attack that the Syrian Electronic Army had demanded "fees" from the company to prevent the publication of the database and added, "We've started a process to notify each regsitered Forbes.com user whose e-mail address and encrypted password was exposed."
The hackers refuted DVorkin's statement, tweeting, "@Forbes claimed in an article posted by them that we emailed them requesting "fees" at Friday, but then the database was already published ... making a fake story we (requesting "fees") after we posted a joke about selling the data is not the good way to defend yourself."
They later added, "The Forbes story is not over yet! There is one last thing but we'll show you later with other stuff."