Last week, PR Newswire began alerting affected customers about compromised data after it found that the networks of its marketing and press release distribution service were hacked as early as February.
IT security firm Hold Security found that PR Newswire was targeted in a large-scale attack, hitting more than 2,000 IP addresses using ColdFusion exploits. It resulted in customers' usernames and encrypted passwords, which are used to access and upload news releases, being poached.
In a statement, PR Newswire said that based on a preliminary review, customer payment data was not compromised. The investigation is ongoing, and customers have been advised to change their account passwords.
PR Newswire declined to comment when PRWeek asked what kind of outreach the company is doing in response to the hack. It is also unknown if PR Newswire has hired an agency to aid it with the process.
In related news, Sweden-based Cision's website also fell victim to a bogus press release posting. The incident resulted in two biometric companies' share prices skyrocketing, and a police investigation.
Additionally, last November, press release distribution website PRWeb published a fake release about Google acquiring wireless hotspot provider ICOA for $400 million. Although ICOA CEO George Strouthopoulos denied the report shortly after the release was posted on the Vocus-owned site, several outlets had already picked up the news. PRWeb responded to the issue with a statement, referring to the release an “instance of identity theft.”
While Vocus said at the time that PRWeb does not check the accuracy of promotional messages when distributing releases, Business Wire, Marketwire, and PR Newswire confirmed they do review content before distribution and have personal interaction with customers.
Aside from obviously harming a press release distribution website's credibility, the Krebs on Security website noted that “misleading PR statements on behalf of major companies could disrupt stock markets, injure a company's reputation, and affect customers.”
Carefully reviewing press releases and personal interaction may help to prevent release fraud, but this is only a starting point. Disturbingly, security breaches like these seem to be reported more often, with no sign of a true resolution. In the meantime, it is interesting to see how PR professionals manage these companies' reputations, communicating their reliability in the wake of such adverse events.