Hubbard Radio’s DC news websites, WTOP.com and FederalNewsRadio.com are now accessible again, following resolution of a cyberattack against the websites 5/7 to 5/9. Users accessing the websites from all web browsers, including Internet Explorer, have full access to both websites.
A statement posted on WTOP’s site said that users who visited its page using Microsoft’s Internet Explorer browser may have been affected by the attack. It said visitors using other browsers, including Safari or Firefox, were not affected.
The attacks installed two types of malware—a fake antivirus software, which displayed a pop-up message indicating that the computer is infected with a virus. This pop-up message prompted the user to click on a link, which takes them to a website that is not recognized by the user. This fake website offers security software for sale and prompts users to provide personal information, including credit card numbers. Neither WTOP.com nor FederalNewsRadio.com collect or store Social Security numbers or credit card info.
The second connected users’ computers to a larger network that hackers can control and use to increase the number of “clicks” on digital ads that make them money.
When the attacks were discovered, WTOP.com and FederalNewsRadio.com reached out to all users, via email messages and through social media, to make them aware. An investigation was launched, the malicious code was removed, additional security measures were installed, and federal law enforcement officials were notified of the incident, says WTOP.
Full access to the websites was restored on 5/11, after a review of site security and implementation of recommendations to fix the vulnerabilities the attacker exploited to gain access to the websites. The review was conducted and recommendations were made by Mandiant, an internationally recognized cybersecurity consulting firm.
“Getting the websites back up and running safely for all users has been our top priority,” said Joel Oxley, SVP/GM, WTOP and Federal News Radio. “We take our users’ privacy very seriously, and we have taken steps to prevent similar occurrences. We apologize to our user community for any inconvenience that this incident has caused.”
“We have found and eliminated the vulnerabilities that were exploited,” said John Spaulding, the Washington, D.C. Director of Information Systems for Hubbard Radio. “During the cyberattack, it is possible the database of WTOP.com and FederalNewsRadio.com email users may have been compromised. However, we have no evidence that any log-in information was actually acquired by the hackers.”
Passwords for all registered users and users who receive breaking news, daily headline or other emails from both websites have been reset. They’ve been contacted directly, informed of the need to reset their passwords the next time they visit the websites, and encouraged to change their passwords on other websites where they use the same password.
RBR-TVBR observation: Hopefully a heads-up for any broadcaster whose website requests user names and passwords to log in for services and offerings. These users are typically P1 listeners in the case of radio and have put their trust in the site, providing any personal info, along with their email address. A good number of WTOP and Federal News Radio listeners may not return to reset their passwords out of mistrust now. Bottom line–make sure your site(s) is protected and, like WTOP, have a plan in place to address the problem if it happens with contracted and reputable cyber security firm.