Over a million user IDs and e-mail addresses of job applicants were taken from the Washington Post’s Web site after being hacked late last week, according to a statement posted on the Post’s Web site.
The jobs section of the newspaper’s site was hit by two separate “brief” attacks by “an unauthorized third party” on June 27 and June 28.
A letter distributed to users claimed no resumes, passwords or contact information were taken in the breach but that the users may receive unsolicited spam messages.
“We are taking this incident very seriously. We quickly identified the vulnerability and shut it down, and are pursuing the matter with law enforcement. We sincerely apologize for this inconvenience,” the letter read.
The Post’s breach follows in the footsteps of March’s Epsilon compromise where a subset of clients’ data, e-mail addresses and names were exposed by an unauthorized entry.