The IT Nerd

It is being reported that a cyberattack on the Washington Post compromised the email accounts of several journalists and was potentially the work of a foreign government

Bleeping Computer has more details: Washington Post’s email system hacked, journalists’ accounts compromised

Roger Grimes, data-driven defense evangelist at cybersecurity company KnowBe4, commented:

 “Attacks against journalists are a serious problem. In most cases, the journalist has to click on a rogue link and somehow get tricked into running the malware. However, there are many commercial surveillance vendors (CSVs) with many zero-days that require zero clicks by the targeted journalist. This is a very serious problem and the cybersecurity world is trying to come to grips with how to treat CSVs who create and deploy zero-click zero-days. It’s a real problem that our industry is just starting to try and grapple with. It’s not helped when different governments, even our own government and its allies, also use these services. When they do, it’s harder to say do as I say but not as I do.”

I have the feeling that this will not be the last time that we will see a headline like this. Threat actors, especially nation state backed threat actors will see this as open season on journalists and you’ll see other high profile journalists, who are already targets for hacks, targeted even more.

UPDATE: Paul Bischoff, Consumer Privacy Advocate at Comparitech had this to say: 

“Unauthorized access to reporters’ emails could put journalists and their sources at risk. It could also allow attackers to hack into other accounts registered to the email address. I hope the Washington Post works as quickly as possible to notify sources and other data subjects who might be affected so they can take steps to protect themselves.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy follows with this:

“Currently, it appears that only emails were compromised. HOWEVER, MANY Microsoft accounts also use OneDrive cloud storage, which usually use the same credentials, so we could find out that files stored in the cloud could also have been compromised. Luckily, the Post employees use Slack in place of email to communicate, as well as the encrypted Signal for messaging. Hopefully this has also helped keep the damage minimal.”

This entry was posted on June 16, 2025 at 1:05 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.