PR Newswire alerts customers to change passwords following breach

Share this article:

PR Newswire announced Wednesday that it became the latest company to be breached by a group of attackers said to also be responsible for striking LexisNexis, the National White Collar Crime Center (NW3C) and Adobe.

“Notwithstanding our efforts, we recently learned that a database, which primarily houses access credentials and business contact information for some of our customers in Europe, the Middle East, Africa and India, was compromised,” Ninan Chacko, CEO of PR Newswire, said in a statement.

Additionally, a PR Newswire spokesperson told on Thursday that details beyond the official statement could not be provided due to an ongoing investigation.

Preliminary findings revealed customers likely did not have payment data compromised, according to the Chacko statement, but the marketing and communications provider is making a password reset mandatory for all account holders.

Alex Holden, CISO at information security services company Hold Security, the organization that uncovered details of the incidents and – along with technology journalist Brian Krebs – alerted affected companies, told on Thursday that partial website source code and configuration data was accessed, along with a database of PR Newswire customers that includes passwords.

Holden said he is almost certain the same hacker group is at work here because the PR Newswire data was discovered hidden within an image “that was over a hundred megabytes” and stored on the attackers' repository server, which housed source code stolen from Adobe.

A couple of weeks ago, Adobe announced to nearly three million of its customers that their credit card data had been breached and that intruders had stolen product source code.

Holden said that PR Newswire was deliberately targeted and pointed to evidence, dated Feb. 13, of a significant attack aimed at the company's multiple networks hitting more than 2,000 IP addresses using ColdFusion exploits. The attack came from a different server used by the same group of attackers, Holden added.

“What still confuses me is why PR Newswire was targeted,” Holden said, adding there are other companies that have been hit by these attacks. “PR Newswire does not have many financial records to the best of my knowledge – and in their statement they don't believe any were taken.”

Meanwhile, PR Newswire said it is taking measures to ensure this type of incident does not happen again.

“We continue to refine our security approach in light of the ever-changing nature of threats and implement security enhancements on a regular basis,” Chacko said in the statement. “From an internal perspective, we continue to implement security improvements and additional protocols to help further protect user portals and customer and proprietary information.”

Share this article:

Sign up to our newsletters

More in News

DDoS attacks remain up, stronger in Q2, report says

DDoS attacks remain up, stronger in Q2, report ...

Prolexic's second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.

Superman soars above fellow superheroes as most toxic search term

A McAfee study found that searches pertaining to Superman exposed users to the most infected websites.

Black Hat talk on Tor weaknesses canceled

Black Hat organizers say legal counsel for the Software Engineering Institute and Carnegie Mellon University nixed the session.