The Washington Post's servers were penetrated by hackers who accessed employees' user names and password data in a breach that marked the third intrusion in as many years, the paper reported.
Security personnel still don't know the full extent of the loss, an article published Wednesday said. The intrusion was discovered by outside security consultant Mandiant, which reported it to Washington Post officials Wednesday. Compromised data includes employees' user names and passwords that were "stored in encrypted form," which typically means as a cryptographic hash. Post officials, working under the assumption that a fair percentage of hashed passwords can be cracked, planned to direct all employees to change their passwords.
There's no evidence yet that subscriber information such as credit card data or home addresses was accessed. There was also no immediate sign that hackers had accessed the paper's publishing system, employee e-mail databases, or sensitive personal information belonging to workers. Wednesday's article cited a Washington Post official as saying investigators believe the intrusion lasted at most a few days.