Phishing Expedition Forces Outbrain to ‘Degrade Gracefully’ from WaPo, TIME, CNN

The terminology referenced in our headline comes straight from an afternoon Outbrain blog post explaining how the Syrian Electronic Army was able to briefly compromise the websites of the Washington Post, CNN and TIME:

At 10:23am ET, SEA took responsibility for hack of, changing a setting through Outbrain’s admin console to label Outbrain recommendations as “Hacked by SEA.”

At 10:34am Outbrain internal staff became aware of the breach.

By 10:40am Outbrain network operations began investigating and decided to shut down all serving systems, degrade gracefully and block all external access to the system…

A more long-lasting result of this and the SEA breach of New York Post social media accounts earlier this week may be a sweeping re-evaluation by major media websites of the third party tools they use. Outbrain and, earlier, SocialFlow were* was a trap door through which the SEA was able to enter.

Along with SEA’s ability to spoof internal email correspondence so that it looked like it came from a reputable co-worker or boss. Right now, NYC-headquartered Outbrain is in full damage-control mode.

*Correction (August 16)
After being alerted by a reader in the comments below, we did a little more digging and found that in fact, the hacking of New York Post social media accounts had nothing to do with SocialFlow. Please read the company’s August 14 blog posting to that effect. FishbowlNY apologizes for the error.