Hackers broke into The Washington Post’s servers and gained access to employee user names and passwords, marking at least the third intrusion over the past three years, company officials said Wednesday.
The extent of the loss of company data was not immediately clear, although officials planned to ask all employees to change their user names and passwords on the assumption that many or all of them may have been compromised. Although company passwords are stored in encrypted form, hackers in some cases have shown the ability to decode such information.
Post officials, who on Wednesday learned of the intrusion from Mandiant, a cybersecurity contractor that monitors the company’s networks, said the intrusion was of relatively short duration.
“This is an ongoing investigation, but we believe it was a few days at most,” said Post spokeswoman Kris Coratti.
Officials said they saw no evidence that subscriber information, such as credit cards or home addresses, was accessed by the hackers. Nor was there any sign that the hackers had gained access to The Post’s publishing system, e-mails or sensitive personal information of employees, such as their Social Security numbers.
The company’s suspicions immediately focused on the possibility that Chinese hackers were responsible for the hack. Evidence strongly pointed to Chinese hackers in a 2011 intrusion of The Post’s network and in hacks against the New York Times, the Wall Street Journal and a wide range of Washington-based institutions, from think tanks to human rights groups and defense contractors.
This more-recent hack, Post officials said, began with an intrusion into a server used by The Post’s foreign staff but eventually spread to other company servers before being discovered.
In August, the Syrian Electronic Army briefly succeeded in redirecting readers of articles on washingtonpost.com to its own Web site. The group supports Syrian President Bashar al-Assad, who is battling rebels in a civil war.
The Syrian Electronic Army was also suspected in a “phishing” attack aimed at securing the log-in information of the e-mail accounts of Post journalists. The source of the attack sent e-mails to Post employees that appeared to emanate from colleagues. The e-mails directed recipients to click a link and provide log-in data. That information could have been used by an outside source to gain unauthorized access to the company’s computer network.