The New York Post made headlines today when it published a series of incendiary and offensive articles online.
Depending on your political viewpoint, you may well say “What’s new?”.
But on this occasion the Murdoch-owned tabloid’s website was particularly unpleasant – calling for the assassination of political figures like Joe Biden and Alexandria Ocasio-Cortez, and spreading racial slurs.
And, of course, in a blink of an eye the offending stories were being promoted by the newspaper’s Twitter account.
Please note – I’m choosing not to republish some of the most vile things which were posted under the NY Post‘s banner.
A Post spokesperson said it was investigating the cause of the incident, and had “taken down the vile and reprehensible content posted by the hackers.”
So, what had happened? Had the New York Post gone barmy? Had they been hacked?
It transpires that the newspaper had not fallen victim to external hackers as had first been suspected, but instead a rogue employee who had access to the website’s content management system (CMS) was responsible.
“The New York Post’s investigation indicates that the unauthorized conduct was committed by an employee, and the employee has been terminated.”
It’s unclear from what has been shared so far whether the rogue employee had legitimate access to the nypost.com website’s backend, which runs on the WordPress VIP platform, or if they exploited someone else’s login credentials.
Once again, a company has been very publicly exploited by a malicious member of their own staff. Never underestimate the risks your business can face from a rogue insider. Hackers have to break their way into your organisation, your employees have already been granted access to your internal systems and data.
Readers with long memories may recall that in 2013, the Facebook and Twitter accounts of the New York Post were hijacked by the Syrian Electronic Army.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.