The data was stolen from PR Newswire on or after March 8, 2013, and reportedly included partial website source code, configuration data, and a database of PR Newswire customers.
The stolen code was found on the same servers as Adobe’s source code, Krebs reports.
More evidence, dated 13 February, 2013, points to a large-scale attack targeting the news service’s networks, hitting more than 2,000 IP addresses with ColdFusion exploits.
Krebs reports that the co-location of PR Newswire’s and Adobe’s stolen data suggests that the same attackers went after both targets.
PR Newswire on Wednesday sent a statement to customers, saying that it’s conducting an extensive investigation and has notified appropriate law enforcement authorities. It is also forcing users to change their passwords:
As a precautionary measure, we have implemented a mandatory password reset for all customers with accounts on this database. As a general practice, we recommend that our customers use strong passwords and regularly update them, not just on PR Newswire but on any website requiring login credentials. From an internal perspective, we continue to implement security improvements and additional protocols to help further protect user portals and customer and proprietary information.
Based on its preliminary review, PR Newswire said in the statement, it doesn’t believe that customer payment data were compromised.