Chartbeat, the traffic monitoring service used by numerous news websites, said that it was hit by a phishing attack carried out by the Syrian Electronic Army recently.
“Let me say first that no client’s site was affected. No action was taken on or from a client site. However, four Chartbeat Publishing clients’ dashboards were viewed by unauthorized parties and a handful of passwords were reset by these wankers,” wrote Chartbeat in a blog posting on Thursday afternoon.
He added that if Chartbeat has not contacted a site directly, “we don’t feel there’s a need for concern at this point, but as a precaution ask that you reset all passwords to your accounts.”
“Though it appears this incident only involved a few clients, we’re sharing this information publicly because we believe in transparency above all else and have our clients’ data and security as our absolute top priority. In the next day, our development and web ops team will be writing a complete post on all of the security measures and updates we’ve had in place, put in place and will put in place,” he added.
The Syrian Electronic Army, which says it supports Syrian President Bashar al-Assad, has claimed responsibility for a number of high-profile attacks on news websites and their Twitter accounts. Reuters, The Associated Press, and even satirical news site The Onion have been hacked by the group.
Chartbeat said it was phished as part of a campaign by the group that also affected Outbrain and SocialFlow.