Breaking news, literally: Reuters hacked third time this MONTH
Buggy blog blamed
Reuters websites were hacked for third time in a fortnight when hackers posted a bogus article falsely claiming that Saudi Arabia's foreign minister Saud al-Faisal was dead.
The planting of the false report follows two similar attacks earlier this month. First, a bogus piece stating that the Syrian rebels were retreating appeared on a blog run by the news agency. Then, just days later, Reuters' Twitter feed was hijacked to post pro-Syrian government messages.
Reuters acknowledged the latest breach in a statement that provides few clues about who carried out the latest breach, or how the hack was pulled off.
"Reuters.com was a target of a hack on Tuesday. Our blogging platform was compromised and a fabricated blog post saying Saudi Arabia's Foreign Minister Prince Saud al-Faisal had died was illegally posted on a Reuters journalist's blog on Reuters.com," the statement explains. "Reuters did not report the false story and the post was immediately deleted. We are working to address the problem."
The news agency uses the WordPress platform for blogging. One plausible theory is that a vulnerability in this widely used package was used to pull off the latest attack, but this remains unconfirmed. ®
Note to Reuters.
Note to Reuters:
Report the news, don't be the news.
Lots of criticsm of WordPress...
...no suggestion of an alternative platform that is completely secure out of the box and thereafter.
What to expect ?
I know next to nothing of the news industry, but it seems to me that, once upon a time, they had people called "reporters" that went out into the wide world to get stories, then went to the nearest phone to report their finds.
Some of these people actually proved bravery far in excess of what any boss could expect, bringing back incredible tales. Some actually died for their efforts.
I suspect that things are somewhat different today if reporters are just paid interns watching blog feeds, or categorizing press releases.