The Associated Press Corp. is warning that users of the AP Stylebook may have been targeted in a phishing campaign following a data breach involving the theft of data from an old AP Stylebook website maintained by Stylebooks.com.

The AP Stylebook is a style and use guide for American English grammar used by journalists and media outlets, including SiliconANGLE Media Inc. The guide provides guidance on a standardized style of writing, such as not using an Oxford Comma in AP’s case.

The breach of the old AP Stylebook website took place between July 16 and July 22. A disclosure notice filed with the Office of the Maine Attorney General put the number of persons affected at 224, two of whom reside in Maine. In a form letter sent to those who had their account compromised, AP said it first became aware of the breach after Stylebooks.com informed it on July 20 that customers had received phishing emails directing them to a fake website that imitated the AP Stylebook to provide updated credit card information.

An investigation involving a cyber forensics firm was then launched, which found that the personal information of customers whose information was stored on the old AP Stylebook website had been accessed by an unauthorized third party. The current AP Stylebook website was not affected.

Information stolen includes names, emails, addresses, phone numbers and user IDs. It’s also noted that in some cases, Social Security numbers and taxpayer IDs may have also been stolen. The old AP Stylebook website was taken offline on July 23.

“Older, untended websites offer attractive hunting grounds for hackers because they often contain more unpatched vulnerabilities to exploit owing to less frequent monitoring and auditing,” Mika Aalto, co-founder and chief executive officer at enterprise security awareness solutions provider Hoxhunt Oy, told SiliconANGLE. “Once compromised, these sites provide a good place for criminals to launch further anonymous attacks, either by hijacking the domain for phishing or stealing user credentials. While this breach wasn’t large in the actual volume of compromised accounts, it is still quite dangerous. Journalists often have access to valuable contacts and data and are thus high-value targets for lucrative spear phishing attacks such as business email compromise, ransomware and so on.”

Image: AP