UPDATED 02:41 EDT / MAY 10 2013

How The Onion Was Hacked (And How to Prevent it Happening to You)

When the popular satirical publication The Onion fell victim to a hack by the Syrian Electronic Army (SEA) last week, it didn’t see the funny side of it.

The breach led to The Onion’s Twitter account being taken over for several hours by the SEA, during which time the hackers launched a volley of insults aimed at its perceived enemies, including Syrian rebel groups, Israel and the UN.

“UN retracts report of Syrian chemical weapon use: ‘Lab tests confirm it is Jihadi body odor’,” claimed one of the less colorful tweets.

Given that The Onion is hardly the most serious of news sources, more than a few of its followers were left confused, wondering if the tweets were all part of some elaborate joke about the recent spate of high-profile attacks. But as it turns out, this was indeed a real hack, and The Onion wasn’t at all pleased about it.

To ensure that it’s never shown up like that again, The Onion’s IT staff carried out a thorough investigation into how it ended up on the receiving end of the kind of cruel jibes it normally aims at others. The staff detail exactly what happened in a new post on theonion.github.io, which reveals that some of its employees fell victim to a phishing scam perpetrated by the SEA.

“Once the attackers had access to one Onion employee’s account, they used that account to send the same email to more Onion staff at about 2:30 AM on Monday, May 6. Coming from a trusted address, many staff members clicked the link, but most refrained from entering their login credentials. Two staff members did enter their credentials, one of whom had access to all of our social media accounts.”

The Onion’s response was to shoot off an email to employees asking them to change their passwords to negate the attack, but unfortunately for them the SEA had already foreseen this event. The hackers responded by sending out a duplicate email that included a fake “password reset” link that took anyone who clicked on it to their phishing page, resulting in two more compromised accounts. They even took care to avoid sending that malicious link to anyone on The Onion’s IT staff, ensuring it wasn’t picked up straight away.

“In total the hackers compromised at least 5 accounts. The attacker logged in to compromised accounts from 46.17.103.125 which is also where the SEA hosts a website.”
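
One way a defender could hunt for the pattern in that last quote, a single source address logging in to several different accounts, shown here as an added example that is not from The Onion's post. The log format, account names, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: ISO time, account, source IP, result).
SAMPLE_LOG = """\
2013-05-06T02:31:10 alice 203.0.113.7 success
2013-05-06T02:33:42 bob 203.0.113.7 success
2013-05-06T02:40:05 carol 198.51.100.20 success
2013-05-06T02:47:19 dave 203.0.113.7 failure
2013-05-06T03:02:51 erin 203.0.113.7 success
2013-05-06T09:15:00 carol 198.51.100.20 success
2013-05-06T11:45:33 frank 203.0.113.7 success
"""

def parse(log_text):
    """Yield (time, account, ip) for successful logins; skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "success":
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2]

def shared_source_ips(log_text, min_accounts=3, window=timedelta(hours=1), allow=()):
    """Return {ip: sorted accounts} for IPs that logged in to at least
    min_accounts distinct accounts inside a sliding time window.
    `allow` lists known shared egress IPs (office NAT, VPN) to ignore."""
    by_ip = defaultdict(list)
    for ts, account, ip in parse(log_text):
        if ip not in allow:
            by_ip[ip].append((ts, account))
    hits = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            accounts = {a for _, a in events[start:end + 1]}
            if len(accounts) >= min_accounts:
                hits.setdefault(ip, set()).update(accounts)
    return {ip: sorted(a) for ip, a in hits.items()}

if __name__ == "__main__":
    for ip, accounts in shared_source_ips(SAMPLE_LOG).items():
        print(ip, accounts)
```

Legitimate shared addresses such as an office gateway will trip this check unless they are passed in `allow`, so the threshold and window need tuning against normal traffic.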

Following the hack, The Onion’s IT staff provided some tips to help future victims protect against any attack on their own infrastructure. They advise organizations to make sure their employees are educated, and further suggest keeping the email addresses, Twitter logins and any other social media account details stored somewhere separate from their main email.

In addition to this, organizations can help prevent attacks by filtering their Twitter activity through apps like Hootsuite, which should restrict the hacker’s ability to assume total ownership of the account.

At least in the end, The Onion managed to get their own back on the Syrian Electronic Army. Shortly after regaining control of its Twitter account, it posted an amusing article entitled “Syrian Electronic Army Has a Little Fun Before Inevitable Upcoming Deaths at the Hands of Rebels”.
