More Information

What happened?

We discovered that an unauthorized third party attacked our Jobs website and was able to obtain access to certain user IDs and e-mail addresses. No passwords or other personal information was affected. We are taking this incident very seriously. We quickly identified the vulnerability and shut it down, and are pursuing the matter with law enforcement. We sincerely apologize for this inconvenience.

When did this happen?

The attack occurred in two brief episodes once on June 27 and once on June 28.

How does this impact those who were affected?

Users whose e-mail addresses were accessed may receive some unsolicited emails (SPAM) as a result. Their Jobs accounts remain secure.

How many users were impacted?

We do not know the exact number of individuals, but in total, roughly 1.27 million user IDs and e-mail addresses were impacted.

What is Washington Post Jobs doing about this?

We quickly identified the attack and took action to shut it down. We also have implemented additional measures to prevent against a similar attack in the future, and we are pursuing the matter with law enforcement. In addition, we are conducting a thorough audit of the security of the Jobs site.

What is SPAM?

SPAM, aka. Junk Mail, is unsolicited mass e-mail. One especially serious form of SPAM is phishing, in which e-mails may ask users for sensitive personal information, such as credit card information, bank account information, passwords and ID numbers. Often, phishing e-mails try to trick recipients into disclosing such sensitive information by fraudulently pretending to come from reputable companies.

How can I reduce or avoid SPAM?

Most major e-mail service providers have SPAM filters which help reduce the amount of SPAM in your inbox. Check with your e-mail provider for more information. In addition:

  • Avoid opening suspicious or unsolicited e-mails.
  • Never respond to or click any links in a SPAM e-mail.
  • Avoid giving personal or financial information in an email, especially credit card information, bank account information, passwords and ID numbers. (Washington Post Jobs will never ask you for your password or sensitive personal information over e-mail.)

What are some common SPAM red flags?

  • You do not recognize the sender.
  • The message is unexpected or unsolicited.
  • The subject line and/or e-mail contain misspellings or grammatical errors.
  • The message is alarmist or has a strong sense of urgency.
  • The message includes or references an altered, misspelled, suspicious, or bogus web address. (You should always verify web addresses before clicking on a link.)
  • The message requests money or rescue.
  • The message solicits personal information (e.g., password or bank account number).