Do you read Forbes.com?  Have you created an account so you automatically get access to that site along with blogs?  If so, you might be among the over 1 million readers of that website whose account was hacked and  personal information stolen February 14th.  Credit for this attack has been claimed by the Syrian Electronic Army(SEA).  There are excellent articles since the 14th providing the details about the attack; the defacing of the Forbes.com home page on its website; and the “secure” website the SEA looked for and then found in order to post the names, email addresses and passwords that they had stolen.

Graham Cluley found his name among the millions posted and warns people who have Forbes.com accounts to be on the lookout for emails or links that might appear to be from Forbes.  He says these could really be phishing attacks and spam campaigns by the SEA or groups who bought some or all of the information. (graham.cluley.com; “Details of over one million Forbes readers leaked online (including mine)”).  Paul Ducklin also alerts Forbes.com readers that through his efforts he discovered that Forbes readers’  passwords were hashed not encrypted —despite the security message posted by Forbes telling readers their passwords had been encrypted. (nakedsecurity.sophos.com; “Syrian Electronic Army hacks Forbes, spills 1M user records-here’s what you need to know”).

Here are the top 3 tips from Mr. Cluley and Mr. Ducklin:

  1. Change your password on Forbes.com and on any other site where you used the same password;
  2. Be on the alert for suspicious emails and links since the SEA made the list publicly available for sale; and
  3. Forbes didn’t send out emails alerting readers but other bloggers alerted them; Forbes.com now has an alert on its home page.

Here’s my key “heads up”:

  • I tried changing my password on Forbes.com and couldn’t gain access to the “Log in” or “Help” links through either Safari or Chrome.  I got messages on both saying the web page wasn’t available.
  • This is likely due to the caveat in Forbes’ security message saying that people should change their Forbes account password “once we make sign-on available again.”  As of Monday, February 17th, that sign-on wasn’t available.

This means that Forbes readers who need to change their passwords also have to be patient and diligent.  Keep checking the Forbes.com website to see when sign-on becomes available and then change your password ASAP!