The jobs section of The Washington Post’s Web site was hacked last week, exposing about 1.3 million user IDs and e-mail addresses to whoever was behind the attack, The Post said Wednesday.
People whose e-mail addresses were affected may receive junk e-mail, or spam, The Post said in an online posting.
No passwords or other personal data were affected, The Post said, adding that users’ accounts at the washingtonpost.com employment site remain secure.
The site allows users to search job listings and post resumes.
The Post said it is pursuing the matter with law enforcement.
In addition to implementing new security measures, The Post said it is auditing the site’s security.
“We are taking this incident very seriously,” The Post said. “We sincerely apologize for this inconvenience.”
The attack on the site occurred on June 27 and June 28, “in two brief episodes,” The Post said. It notified users by e-mail Wednesday.
Asked about the delay, Post spokeswoman Kris Coratti said The Post took time to investigate the attack, retest the site’s security systems and discuss the matter with law enforcement before notifying users.
“We wanted to make sure that we had a complete understanding as to what had happened and the potential consequences so that we could provide our customers with information that was as accurate and helpful as possible,” Coratti said.
The Post warned users to beware of unsolicited e-mails that try to trick them into giving up personal information such as credit cards, passwords or bank account numbers.