The Onion—a publication that doesn't even offer real news—seems like an odd target for the Syrian Electronic Army, but the satirical news site claimed its Twitter account fell victim to hackers from the group earlier this week.
Now The Onion's tech team has posted on how the hack happened—and offered tips for other publications to avoid the same fate.
The hack started with phishing emails sent to several Onion staffers, according to the post, and at least one person at the company fell for it.
"Once the attackers had access to one Onion employee’s account, they used that account to send the same email to more Onion staff at about 2:30 AM on Monday, May 6," the post continued. "Coming from a trusted address, many staff members clicked the link, but most refrained from entering their login credentials. Two staff members did enter their credentials, one of whom had access to all of our social media accounts."
Eventually, the attackers got access to The Onion's Twitter account and blasted out a series of Syria-focused tweets. The Onion's editorial team also got in the mix, posting an article in response to the attack, titled "Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Deaths At Hands Of Rebels."
The Onion's post also offered a few tips for avoiding hacks. Here's one of the big takeaways: "Make sure that your users are educated, and that they are suspicious of all links that ask them to log in, regardless of the sender."
The Onion is certainly not the first publication to come under attack by the Syrian Electronic Army. The group allegedly hacked the Associated Press' main Twitter account last month, and an AP tweet about explosions at the White House briefly sent the stock market tumbling. Soon after the AP hack, several of The Guardian's Twitter feeds were compromised by the group.
Read The Onion's full blog post here.