The newspaper said that an “unauthorized third party” breached its Jobs website on June 27 and June 28 and was able to steal user IDs and email addresses. However, no passwords or other personal information was taken, according to an announcement posted on the Washington Post website.
“We quickly identified the attack and took action to shut it down. We also have implemented additional measures to prevent against a similar attack in the future, and we are pursuing the matter with law enforcement. In addition, we are conducting a thorough audit of the security of the Jobs site”, the announcement said.
The newspaper warned job seekers whose information was stolen that they could start receiving spam. It advised those affected how to recognize spam and how to avoid it.
Asked about the delay in announcing the breach, Washington Post spokeswoman Kris Coratti said that the newspaper “wanted to make sure that we had a complete understanding as to what had happened and the potential consequences so that we could provide our customers with information that was as accurate and helpful as possible”.