Email addresses and names of subscribers to DefenseNews, a highly regarded website that covers national and international military news, were accessed by hackers and presumed stolen.
DefenseNews' subscribers include active and retired military personnel and defence contractors.
"We discovered that the attacker gained unauthorised access to files containing information of some of our users," said Gannett Government Media, an arm of the media chain that publishes not only DefenseNews, but also the Military Times and Federal Times sites, as well as a number of military-specific magazines and journals.
In a message posted to the site, Gannett acknowledged that the accessed information included first and last names, email addresses, account passwords, and duty status and branch of service for military personnel.
Gannett urged registered users to reset their site passwords, "as well as your other online accounts, particularly those that use the same email address used for your Gannett Government Media Corporation account."
The attack was first detected June 7.
One security expert said it was possible the attack against DefenseNews and the other sites Gannett operates was targeted, perhaps by state-backed hackers. "It's hard to know if this was just part of the general ransacking of sites, or an attempt to obtain valuable information for spear-phishing," said Anup Ghosh, the founder and CEO of security firm Invincea.
Ghosh said it's likely the attackers were deliberately after the names and email addresses of people in the defence industry and military.
"This is a pretty selective group," Ghosh said of the DefenseNews account holders, "and would be restricted in scope to the military-industrial [establishment]. It would be very attractive from a nation state point of view."
The stolen information would make the perfect fodder for future "spear phishing", the kind of attacks that target individuals within an organisation by crafting convincing messages, often with embedded links or attached files that direct recipients to malicious sites or plant malware directly on PCs to gather more information or gain greater access to a network.
Spear phishing has been blamed for a number of recent high-profile attacks, including ones against the International Monetary Fund (IMF) and senior government officials through Gmail. Military contractors, most notably Lockheed, have also been attacked this year, although not necessarily through spear-phishing tactics.
"With this information, spear phishers could create pretty convincing messages," said Ghosh, who said that clickthrough rates in such attacks can reach as high as 20%, meaning one out of five people click on a link, open a file attachment or disclose other personal information.
Ghosh also noted that defence agencies and militaries are careful not to reveal contact information for their workers or personnel, for just that reason. "I wouldn't have thought to target a publication like this," said Ghosh. "It was actually very clever."
Gannett has sent emails to subscribers whose information was accessed, and warned them against falling for any spear phishing schemes.
"You should delete any unusual or suspicious emails without opening them and should not click on any links embedded in a message that appears suspicious once you have opened it," the company told subscribers.
DefenseNews has not said how many account records were accessed by attackers, and did not return a call for comment.