Slashdot Mirror

← Back to Stories (view on slashdot.org)

New York Times Hacked?

Posted by samzenpus on from the fox-in-the-henhouse dept.

First time accepted submitter porsche911 writes "It looks like the NYTimes have been hacked and a large number of subscribers spammed with messages about cancellation of their service. The phone system is overwhelmed as well. The Times is currently saying the email is a fake, but that raises other worries. They were one of the only 3rd parties that had the email in question so it appears either someone really screwed up or they've suffered a data breach." Update: 12/28 21:59 GMT by S : Looks like it was just a mistake by an employee.

30 of 103 comments (clear)

  1. Well, they tried hacking the The New Yorker first by elrous0 · · Score: 5, Funny

    But then they found out that New Yorker readers were far too smug to lower themselves to reading email.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  2. Re:Well, they tried hacking the The New Yorker fir by sleeepy2 · · Score: 3, Interesting

    I got the email about my canceled subscription and I have never subscribed to the Times. Weird.

  3. Seems the New York Times keeps a spam list by KnightMB · · Score: 4, Interesting

    I've never subscribed to the New York times, yet my personal e-mail address got the same spam? Does this mean more than just a subscriber list was used or do they have a more extensive list that they have bought/captured over the years that's the equivalent of a giant spam list?

    1. Re:Seems the New York Times keeps a spam list by NotSanguine · · Score: 2

      I do not have a home delivery subscription, just one for the Crossword puzzles, and I received not one, but two spam emails. One to an old email address I used for the account and one for the current email.

      As such, it appears that the list does include NY Times account holders of various types. Perhaps this was combined with other spam lists too.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
  4. NY Times Response by NotSanguine · · Score: 5, Informative

    Is this

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
    1. Re:NY Times Response by Skapare · · Score: 3, Interesting

      They also need to get their DNS updated to also include a genuine SPF record and not rely entirely on the TXT record.

      --
      now we need to go OSS in diesel cars
  5. Print Subscribers Only by LostCluster · · Score: 3, Informative

    This appears to be a phishing attack aimed at getting NY Times readers to re-up their subscription with a phony contact given. Looks like their e-mail list got leaked.

    1. Re:Print Subscribers Only by dzfoo · · Score: 3, Insightful

      Then how would you explain that I received the message on an e-mail address that I made specifically to use the NYT app and never have used for anything else?

      That automatically rules out a third party. It was either sent in error, or their user accounts list was indeed compromised.

      A possible third alternative is that they shared their accounts list with a partner that was then compromised. Either way it seems the list was compromised.

      --
      Carol vs. Ghost
      ...Can you save Christmas?
    2. Re:Print Subscribers Only by Skapare · · Score: 2

      Look at the headers and see if the SMTP connection really came from 208.70.142.0/23 or not.

      --
      now we need to go OSS in diesel cars
  6. Used the unique address I gave to the NY Times by jerryasher · · Score: 5, Informative

    I got the email too, and it used the unique email address I gave to the NY Times, so either they were breached or some company they gave my data to was breached.

    Joe Katz on twitter says the same thing:

    "Joe Katz @joekatz 1h
    @NYTPRGUY thing is, I got a "subscription cancelled" message sent to an email alias that only @NYTimes has for me. Was your list hacked?"

    So remember folks when you outsource your IT and marketing and provide them your customer data, you are opening your customers up to their low security practices.

  7. Re:Well, they tried hacking the The New Yorker fir by Mashiki · · Score: 5, Interesting

    Too true, and too funny. You forgot to mention that this is also a method to retain customers after their dismal and continual failure to retain a readership base.

    --
    Om, nomnomnom...
  8. I can confirm the email being sent out. by milbournosphere · · Score: 4, Informative
    I got the supposed cancellation email this morning, for a subscription I haven't had in almost three years. I was going to call, but I guess I'll just ignore it for now. Text of the email I received is below.

    Dear Home Delivery Subscriber, Our records indicate that you recently requested to cancel your home delivery subscription. Please keep in mind when your delivery service ends, you will no longer have unlimited access to NYTimes.com and our NYTimes apps. We do hope you’ll reconsider. As a valued Times reader we invite you to continue your current subscription at an exclusive rate of 50% off for 16 weeks. This is a limited-time offer and will no longer be valid once your current subscription ends.* Continue your subscription and you’ll keep your free, unlimited digital access, a benefit available only for our home delivery subscribers. You’ll receive unlimited access to NYTimes.com on any device, full access to our smartphone and iPad® apps, plus you can now share your unlimited access with a family member. To continue your subscription call 1-877-698-0025 and mention code [] (Monday–Friday, 8:30 a.m. to 8:30 p.m.; Saturday, 9 a.m. to 3 p.m. E.D.T.).

    Doesn't look like they're trolling for information, but I have not tried the number.

    1. Re:I can confirm the email being sent out. by NotSanguine · · Score: 2

      To continue your subscription call 1-877-698-0025 and mention code [] (Monday–Friday, 8:30 a.m. to 8:30 p.m.; Saturday, 9 a.m. to 3 p.m. E.D.T.).

      Doesn't look like they're trolling for information, but I have not tried the number.

      The phone number above asks you to send a fax to a different number. They're *definitely* trolling. Note that the real phone number is 1 800 NYTIMES.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
    2. Re:I can confirm the email being sent out. by Anonymous Coward · · Score: 2

      Ooh, ooh, ooh... FAX?

      I predict they will begin receiving sheets of black construction paper shortly...

    3. Re:I can confirm the email being sent out. by Arrogant-Bastard · · Score: 2

      Ah, a WHOIS lookup shows that it's the incompetent spammers-for-hire at Epsilon. (Go Google "epsilon spam" for a glimpse at the tip of the iceberg. I'll wait.)

      Back? Good. Epsilon does spam-for-hire for a number of companies; apparently the crack reporting staff at the NYT isn't intelligent or diligent enough to figure this out and report it to their own management. This is hardly the first incident involving them -- or rather, it's hardly the first widely-known incident involving them. Those of us who've been studying spam for decades are well aware of this sleazy operation.

  9. Re:And... by LostCluster · · Score: 2

    Can't be so sure of that... did people give up their account info to the man-in-the-middle thinking it would continue a subscription somebody else in the household seemed to have canceled?

  10. DNS Hack? by Midnight_Falcon · · Score: 4, Informative

    At first glance with little information, it appears as though the messages in question with reply-to address @email.nytimes.com, which resolves to the same host as the @ record of nytimes.com (presently, 11:58 PST, 199.239.136.200). However, the message was sent by dmailer099.dmx1.bfi0.com, 208.70.142.99. This is their upstream MTA provider called Epsilon, which had been known to have been hacked previously. Chances are this customer list was compromised from an upstream provider and the mail messages sent via hacking one of the servers at their mail provider, and the NYTimes internal network was not compromised, at least ostensibly by this act. Chances also are that NYTimes only uses this provider for mass communication and not internal messaging. So this is prominent because it involves the NYTimes and a phishing attempt, but in the grand scheme of things it's a bit of a dud.

  11. Not surprising by cultiv8 · · Score: 4, Interesting

    Someone wrote 4 lines of CSS & JS and was able to haxxor NYTimes paywall. A guru hacker is not necessary.

    --
    sysadmins and parents of newborns get the same amount of sleep.
  12. Could be untargeted phishing by DragonHawk · · Score: 3, Insightful

    It could also be that some con-artist somewhere is sending out phishing emails, designed to look like Times cancellation notices, and sent to large numbers of harvested email addresses. Since the set of NYT subscribers with an email address is a proper subset of the set of people with an email address, a lot of NYT subscribers would still be hit.

    But "New York Times Hacked" makes for a better headline.

    --

    dragonhawk@iname.microsoft.com
    I do not like Microsoft. Remove them from my email address.
    1. Re:Could be untargeted phishing by postbigbang · · Score: 4, Insightful

      The bounce in the header of the message implies that it was triggered internally. It wouldn't have been used to launder the list, because the bounces would have gone back to NYT.

      My guess is that it's not a DDOS, it's a fuckup.

      --
      ---- Teach Peace. It's Cheaper Than War.
  13. this will shed light by l2718 · · Score: 2

    I got the email too, and it used the unique email address I gave to the NY Times, so either they were breached or some company they gave my data to was breached.

    Indeed, this will probably force the NYT to shed light on who they share their subscribers' contact information with.

  14. Re:Well, they tried hacking the The New Yorker fir by Anonymous Coward · · Score: 4, Funny

    I was happy I was unsubscribed, as I have never signed up for anything New York times related ever. So that information that I was unsubscribed had me thanking God.

    Sadly, it now appears to be a hoax. I am now crushed in despair.

  15. Copy of E-mail headers by Midnight_Falcon · · Score: 2
    Reinforces my earlier conclusion that their upstream MTA agent provider for mass mailings had been compromised, and likely still is.

    Available here: https://gist.github.com/1529336

    Received: from dmx1.bfi0.com (dmailer0121.dmx1.bfi0.com. [208.70.142.121]) by mx.google.com with ESMTP id v2si13633651ane.208.2011.12.28.10.17.18; Wed, 28 Dec 2011 10:17:18 -0800 (PST)

    Interesting areas:

    DKIM-Signature: v=1; a=rsa-sha1; d=email.newyorktimes.com; s=ei; c=simple/simple; DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;

  16. well-timed blow by Scavia · · Score: 2

    Wow, this is really gonna screw with their business model. This was the first year the NYT was trying to push a lot of longtime loyal readers into paid subscriptions (last year got covered by a grant from GM, I think). Now I'm really, really reluctant to give them credit card info. Way to epic fail there, guys.

  17. Gmail's SPAM filter updates/adapts fast! by Faizdog · · Score: 3, Interesting

    So I got the email in my Gmail account, which is how I've signed up for home delivery of the NYT. I'll foolishly admit that I was fooled, and called the number in the email and got the recorded message saying that the line was busy (maybe that was the whole point, now they've got my number too).

    Anyway, I didn't want to lose the delivery, so I marked the email as unread so that I could address it later and logged out of Gmail.

    After about 20/30 minutes when this story broke on /. and other sties, I figured I'd log back into Gmail, check my email (what you don't compulsively check email?) and delete this spam. I couldn't find it in my inbox! I checked the trash thinking I may have deleted it, but it wasn't there. Then I thought to check the SPAM folder, and sure enough it was in there, still marked as unread.

    Gmail updated the spam policy to classify this specific email as spam in about 20 minutes, where as it had made it into my inbox before.

    Upon reflection, it's not surprising, I'm sure a lot of users marked it as SPAM in the last 20 minutes, but still was interesting for me to note. Gmail's spam filter is usually pretty good, I NEVER even look in the spam folder (even for false positives) so this was an interesting experience. I wonder if I'd left it marked as "read" and not remarked it as "unread" if it would still have been moved out from my inbox to the spam list?

    --
    -"Those who fought today will die tommorow."-
  18. NYT admits they screwed up by gstrickler · · Score: 3, Informative

    According the the linked article, an update from NYT indicates that they sent the email. It was supposed to go to 300 people, instead, it went to all 8M people with NYT accounts.

    --
    make imaginary.friends COUNT=100 VISIBLE=false
  19. Re:Well, they tried hacking the The New Yorker fir by flyingsquid · · Score: 2

    UPDATE:The Times mistakenly sent e-mails today to subscribers and others, erroneously stating that home delivery of the newspaper had been canceled. We apologize for the inconvenience.

  20. Re:Well, they tried hacking the The New Yorker fir by houghi · · Score: 2

    Hey, I got an email about my credit card being disabled and I don't even have a credit card.

    --
    Don't fight for your country, if your country does not fight for you.
  21. Blame hacking by default by 93+Escort+Wagon · · Score: 2

    It's not unusual for this sort of thing to happen, unfortunately. Within the past year I've received at least two spammy emails from different companies which were followed in short time by a second email apologizing for the error. People make mistakes, and always have - so, when it involves electronic communication, I wonder why we're so prone to immediately blaming a hacker for it when a simpler explanation is readily available?

    If someone were to hack the New York Times, I wouldn't think sending out cancellation notices would be high on their "to do" list - whether they were a kiddie hacker or of a more serious bent.

    --
    #DeleteChrome
  22. Re:And... by LostCluster · · Score: 2

    There are plenty of corrupt call centers in the world. They'll answer the phone and collect data based on the check clearing and not whether they've been hired by the legit management of the brand they answer the phone as. Some call centers are stupid enough to think they're doing the right thing when really they're supplying credit card numbers to the wrong people.