AP Stylebook Data Breach Results in Targeted Phishing Attacks
The Associated Press announced that users of its old website ‘’AP Stylebook’’ had been hit by targeted phishing attacks as a result of the July 2023 data breach incident.
The popular writing and editing style guide is used by several journalists, editors, and newsrooms across the world. The hackers managed to infiltrate the third-party maintained website to steal personal information of users.
‘’The personal information was stored in a database that was accessible on an old AP Stylebook website that was no longer in use but still available online and maintained on our behalf by an outside service provider, Stylebooks.com, Inc. (“Stylebooks.com”),’’ the notice read.
First discovered by AP on July 20, when Stylebooks.com notified that some of the AP Stylebook customers reported receiving phishing emails asking them to update credit card information on dubious APS websites.
An investigation into the incident revealed that unauthorized threat actors had stolen 224 users’ data by accessing the old and defunct website between July 16 and July 22, 2023.
The stolen data included a user’s name, email and street address, city, state, zip code, phone number, and user ID. While making a purchase, some customers were asked to provide Tax Exempt IDs. Thus, the stolen information might also include a customer’s Social Security Number (SSN) or Taxpayer ID.
The new and active AP Stylebook website (apstylebook.com) was not impacted by this incident. However, the company has sent out emails to both old and new website users warning them about the incident and potential phishing attacks.
‘’In this email, we alerted the recipients to the phishing emails, clarified which email address is used to send legitimate emails, and provided our contact information for any questions,’’ the notice read.
AP notified the relevant authorities and also made it mandatory for all users to change their passwords. It is also reviewing its security protocols and updating training programs for all internal users. Moreover, its users are being offered 2-years complimentary credit monitoring and identity restoration services.