Hacked WaPo pushed readers to Syrian Electronic Army site

The Washington Post website was hacked and some readers were redirected to the website of the Syrian Electronic Army (SEA), the newspaper said on Thursday.

On its Switch technology and policy commentary site, WaPo said the hack took place due to a vulnerability in the third-party Outbrain content recommendation service that the newspaper uses.

WaPo's engineers confirmed that Outbrain was the source of the vulnerability, which also compromised the Time and CNN websites.

Outbrain also confirmed on Twitter that it had been compromised.

Due to an attack, our recommendations are down. Our team is working to get our system secure & up shortly. Apologize for any inconvenience.

— Outbrain (@Outbrain) August 15, 2013

On its blog, Outbrain said it had secured its network and restored systems to their prior states before the attack.

The company said SEA's attack was done through phishing emails sent to all of its employees. purporting to be from Outbrain's chief executive.

A link taking employees to a page asking them to input their company credentials to see the information opened up the company's email system to SEA, and allowed the hackers to discover other authentication details to further compromise Outbrain's systems.

The hackers, who support Syria's president Bashir al-Assad, also claimed via Twitter to have compromised the New York Times this morning.

SEA has been linked to several high profile attacks including taking control of the Associated Press' official Twitter feed and sending out a bogus message about two explosions at the White House.

It is is also believed to be behind the attacks on Twitter accounts and websites of The Financial Times, BBC, Guardian and Reuters News.

The Washington Post parent company last week agreed to sell its flagship newspaper division to Amazon founder Jeff Bezos for US$250 million.