Forbes wants to be a tech company, and hackers are treating it like one.
On Saturday, Forbes confirmed that the Syrian Electronic Army (SEA) had compromised its content management system, nabbing the login details for over a million Forbes users — including reporters, editors and network contributors.
“The email address for anyone registered with Forbes.com has been exposed. Please be wary of emails that purport to come from Forbes, as the list of email addresses may be used in phishing attacks,” Forbes wrote in a notice posted to its homepage.
After making off with the data, the SEA then released it online, exposing usernames and encrypted passwords to the entire Web.
While hacks like this one are common these days — the SEA also recently took down The New York Times — the latest hack at Forbes raises some big questions about whether Forbes can actually follow through on its ambition to not only build out its contributor platform but also license its underlying CMS to other companies.
The hack also exposed one of the biggest issues with how Forbes is approaching its platform technology. Like many publisher sites today, Forbes built its CMS on top of WordPress. While this gives Forbes a lot of customization options, it also exposes the site to countless security holes, especially from third-party plugins and themes.
Forbes did not comment to Digiday about the hack. But Forbes chief product officer Lewis D’Vorkin wrote in a post on Tuesday that the attack was one of the “challenges and risks associated with a platform that supports a distributed workforce using a distributed set of tools in a social news environment.”
In other words, Forbes has realized what many tech companies intuitively understand from the start: The more users and third-party features you plug into your system, the more vulnerabilities you expose yourself to.
What’s especially bad for Forbes is that the hack also disrupted contributors’ ability to post autonomously. Instead, contributors who want to get posts up on the site first have to email them to the Forbes editors in charge of publishing. (“Our loyal contributors eagerly participated in the make-shift process,” D’Vorkin wrote.)
Considering that Forbes’s business model is centered around posting as many articles as possible and selling ads off of them, a lower number of posts is clearly bad news.
All of this is actually worse if you believe security researcher Graham Cluley, who said that the attack that hit Forbes wasn’t particularly sophisticated.
“There’s no doubt that if Forbes had had tougher security in place (for instance, two-factor authentication), they could have helped prevent the hackers from gaining access to their systems and stealing the user information,” he said by email.
Cluley went on: “There have been so many media organisations hacked by the SEA in recent months that there really is no excuse for such firms not to have better trained their staff to be on the lookout for the kinds of social engineering and phishing attacks that the SEA typically employ.”