Data Breach at AP Stylebook Exposes Customer Information

The Associated Press (AP) has issued a warning regarding a data breach that has affected customers of the AP Stylebook. Attackers were able to exploit the stolen data to carry out targeted phishing attacks.

About AP Stylebook

The AP Stylebook is a widely used reference guide for grammar, punctuation, and writing style. It is utilized by journalists, magazines, and newsrooms worldwide.

The Breach

This week, the AP reported that an old third-party-managed AP Stylebook site, which was no longer in use, was hacked between July 16 and July 22, 2023. As a result, the personal data of 224 customers was compromised.

The stolen information includes customers’ names, email addresses, street addresses, cities, states, zip codes, phone numbers, and User IDs. Additionally, tax-exempt IDs such as Social Security Numbers or Employer Identification Numbers were also taken.

Discovery and Response

The AP became aware of the potential data breach on July 20, 2023, when AP Stylebook customers reported receiving phishing emails requesting them to update their credit card information.

Upon discovering the phishing attack, the AP promptly took down the old site and removed the phishing content to prevent further incidents.

At the end of July, the company began notifying AP Stylebook customers about the phishing attacks. The AP warned that the emails were sent from the address ‘support@getscore.my[.]id’ and had a subject line similar to “Regarding AP Stylebook Order no. 07/20/2023 06:48:20 am.”

How Did the Hackers Gain Unauthorized Access in the Massive Data Breach?

The massive data breach exposes 500,000 individuals, shedding light on how hackers gained unauthorized access. Through sophisticated techniques like phishing, exploiting software vulnerabilities, or weak passwords, these hackers infiltrated the system. Once inside, they harvested sensitive information, compromising the security and privacy of thousands. The incident underscores the urgent need for robust cybersecurity measures to prevent such breaches in the future.

Impact and Security Measures

In response to the breach, the Associated Press has mandated that all AP Stylebook customers reset their passwords during their next login session.

Although the breach only affected a relatively small number of customers (224), the login credentials of journalists and media organizations are highly valuable to cybercriminals.

Unauthorized access to a media company’s network can enable a range of attacks, including extortion, ransomware, data theft, and cyber espionage.

Similar incidents have occurred in the past, with both local and global media outlets falling victim to ransomware and cyberespionage attacks. Examples include News Corp, the Philadelphia Inquirer, and the German newspaper Heilbronn Stimme.

We reached out to the Associated Press for further information regarding the phishing attack and will update this article with any additional details we receive.