Data Breach at AP Stylebook Exposes Customer Information
The Associated Press (AP) has issued a warning regarding a data breach that has affected customers of the AP Stylebook. Attackers were able to exploit the stolen data to carry out targeted phishing attacks.
About AP Stylebook
The AP Stylebook is a widely used reference guide for grammar, punctuation, and writing style. It is utilized by journalists, magazines, and newsrooms worldwide.
This week, the AP reported that an old third-party-managed AP Stylebook site, which was no longer in use, was hacked between July 16 and July 22, 2023. As a result, the personal data of 224 customers was compromised.
The stolen information includes customers’ names, email addresses, street addresses, cities, states, zip codes, phone numbers, and User IDs. Additionally, tax-exempt IDs such as Social Security Numbers or Employer Identification Numbers were also taken.
Discovery and Response
The AP became aware of the potential data breach on July 20, 2023, when AP Stylebook customers reported receiving phishing emails requesting them to update their credit card information.
Upon discovering the phishing attack, the AP promptly took down the old site and removed the phishing content to prevent further incidents.
At the end of July, the company began notifying AP Stylebook customers about the phishing attacks. The AP warned that the emails were sent from the address ‘[email protected][.]id’ and had a subject line similar to “Regarding AP Stylebook Order no. 07/20/2023 06:48:20 am.”
Impact and Security Measures
In response to the breach, the Associated Press has mandated that all AP Stylebook customers reset their passwords during their next login session.
Although the breach only affected a relatively small number of customers (224), the login credentials of journalists and media organizations are highly valuable to cybercriminals.
Unauthorized access to a media company’s network can enable a range of attacks, including extortion, ransomware, data theft, and cyber espionage.
Similar incidents have occurred in the past, with both local and global media outlets falling victim to ransomware and cyberespionage attacks. Examples include News Corp, the Philadelphia Inquirer, and the German newspaper Heilbronn Stimme.
We reached out to the Associated Press for further information regarding the phishing attack and will update this article with any additional details we receive.