Slashdot Mirror

← Back to Stories (view on slashdot.org)

New York Times Hacked?

Posted by samzenpus on from the fox-in-the-henhouse dept.

First time accepted submitter porsche911 writes "It looks like the NYTimes have been hacked and a large number of subscribers spammed with messages about cancellation of their service. The phone system is overwhelmed as well. The Times is currently saying the email is a fake, but that raises other worries. They were one of the only 3rd parties that had the email in question so it appears either someone really screwed up or they've suffered a data breach." Update: 12/28 21:59 GMT by S : Looks like it was just a mistake by an employee.

10 of 103 comments (clear)

  1. Well, they tried hacking the The New Yorker first by elrous0 · · Score: 5, Funny

    But then they found out that New Yorker readers were far too smug to lower themselves to reading email.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  2. Seems the New York Times keeps a spam list by KnightMB · · Score: 4, Interesting

    I've never subscribed to the New York times, yet my personal e-mail address got the same spam? Does this mean more than just a subscriber list was used or do they have a more extensive list that they have bought/captured over the years that's the equivalent of a giant spam list?

  3. NY Times Response by NotSanguine · · Score: 5, Informative

    Is this

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
  4. Used the unique address I gave to the NY Times by jerryasher · · Score: 5, Informative

    I got the email too, and it used the unique email address I gave to the NY Times, so either they were breached or some company they gave my data to was breached.

    Joe Katz on twitter says the same thing:

    "Joe Katz @joekatz 1h
    @NYTPRGUY thing is, I got a "subscription cancelled" message sent to an email alias that only @NYTimes has for me. Was your list hacked?"

    So remember folks when you outsource your IT and marketing and provide them your customer data, you are opening your customers up to their low security practices.

  5. Re:Well, they tried hacking the The New Yorker fir by Mashiki · · Score: 5, Interesting

    Too true, and too funny. You forgot to mention that this is also a method to retain customers after their dismal and continual failure to retain a readership base.

    --
    Om, nomnomnom...
  6. I can confirm the email being sent out. by milbournosphere · · Score: 4, Informative
    I got the supposed cancellation email this morning, for a subscription I haven't had in almost three years. I was going to call, but I guess I'll just ignore it for now. Text of the email I received is below.

    Dear Home Delivery Subscriber, Our records indicate that you recently requested to cancel your home delivery subscription. Please keep in mind when your delivery service ends, you will no longer have unlimited access to NYTimes.com and our NYTimes apps. We do hope you’ll reconsider. As a valued Times reader we invite you to continue your current subscription at an exclusive rate of 50% off for 16 weeks. This is a limited-time offer and will no longer be valid once your current subscription ends.* Continue your subscription and you’ll keep your free, unlimited digital access, a benefit available only for our home delivery subscribers. You’ll receive unlimited access to NYTimes.com on any device, full access to our smartphone and iPad® apps, plus you can now share your unlimited access with a family member. To continue your subscription call 1-877-698-0025 and mention code [] (Monday–Friday, 8:30 a.m. to 8:30 p.m.; Saturday, 9 a.m. to 3 p.m. E.D.T.).

    Doesn't look like they're trolling for information, but I have not tried the number.

  7. DNS Hack? by Midnight_Falcon · · Score: 4, Informative

    At first glance with little information, it appears as though the messages in question with reply-to address @email.nytimes.com, which resolves to the same host as the @ record of nytimes.com (presently, 11:58 PST, 199.239.136.200). However, the message was sent by dmailer099.dmx1.bfi0.com, 208.70.142.99. This is their upstream MTA provider called Epsilon, which had been known to have been hacked previously. Chances are this customer list was compromised from an upstream provider and the mail messages sent via hacking one of the servers at their mail provider, and the NYTimes internal network was not compromised, at least ostensibly by this act. Chances also are that NYTimes only uses this provider for mass communication and not internal messaging. So this is prominent because it involves the NYTimes and a phishing attempt, but in the grand scheme of things it's a bit of a dud.

  8. Not surprising by cultiv8 · · Score: 4, Interesting

    Someone wrote 4 lines of CSS & JS and was able to haxxor NYTimes paywall. A guru hacker is not necessary.

    --
    sysadmins and parents of newborns get the same amount of sleep.
  9. Re:Well, they tried hacking the The New Yorker fir by Anonymous Coward · · Score: 4, Funny

    I was happy I was unsubscribed, as I have never signed up for anything New York times related ever. So that information that I was unsubscribed had me thanking God.

    Sadly, it now appears to be a hoax. I am now crushed in despair.

  10. Re:Could be untargeted phishing by postbigbang · · Score: 4, Insightful

    The bounce in the header of the message implies that it was triggered internally. It wouldn't have been used to launder the list, because the bounces would have gone back to NYT.

    My guess is that it's not a DDOS, it's a fuckup.

    --
    ---- Teach Peace. It's Cheaper Than War.