The Associated Press has informed users of an old AP Stylebook website who received phishing emails that directed them to a fake website that imitated the real AP Stylebook and was asking for updated credit card information.
According to the letter the AP sent to users, Stylebooks.com notified AP that AP Stylebook customers had received the phishing emails on July 20. On July 23, the old AP Stylebook website was taken offline, and by July 27, the fake spoofed Stylebooks website was taken down.
The AP said that its investigation determined that the personal information affected included names, email addresses, street addresses, city, state, zip code, phone number, and User IDs. Because the AP Stylebook had also requested Tax Exempt ID when customers made a purchase, the AP said it cannot rule out that the 9-digit number accessed by a third-party is a Social Security number or a Taxpayer ID.
For decades the AP Stylebook has been used by news organizations as the leading source of grammar, punctuation, and style questions for journalists and editors at hundreds of newsroom worldwide. While only 224 people were affected, security researchers were concerned because many of the victims potentially were journalists and editors.
Efforts to reach the AP for further comment on the backgrounds of the victims and which organizations they worked for were unsuccessful.
Human threat intelligence in fighting phishing attacks
“While this breach wasn’t large in the actual volume of compromised accounts, it’s still quite dangerous,” said Mika Aalto, co-founder and CEO at Hoxhunt. “Journalists often have access to valuable contacts and data and are thus high-value targets for lucrative spear phishing attacks such as BEC, ransomware, and so on."
"This breach invovling the AP Stylebook offers some valuable lessons in security processes, practices, and policies regarding third-party vendors and legacy systems,” said Aalto.
Aalto added that security teams should always ensure they have adequate security controls and monitoring mechanisms in place to protect against unauthorized access, and conduct regular security audits to find and fix vulnerabilities or weaknesses.
“The fact that this breach only came to light because journalists reporting phishing attacks is notable,” said Aalto. “Human threat intelligence has become an incredibly valuable resource in the fight against phishing attacks. Organizations should equip their employees with the skills and tools to recognize and report a phishing attack as quickly as possible. SOC teams should have the tools in place to accelerate incident response, where speed is essential because the faster a threat gets reported, the quicker it can be contained.”
Liel Ran, co-founder and CTO at DoControl, said data breach via AP Stylebook is simple and end customers aren't suspicious of anything unusual since they are used to using the stylebook every day. Ran said this compares to the equivalent of a developer being used to consuming third-party/open source.
“As a result, this makes this attack vector simple to implement and hard to detect and therefore a high risk,” said Ran. “Like you would do with software, always check the change log, try to understand what changes have been made in new versions and by whom. Also: try to detect unusual and unfamiliar authors of code.”
