Cyber Incident Victim: New York Post

On April 1, 2017, the New York Post’s mobile application push notification system was compromised by an unidentified hacker. Late that Saturday evening, the attacker disseminated nine unauthorized alerts through the app. These messages contained inflammatory, religious, and pop-culture references. One alert included the phrase “Heil President Donald Trump,” while others quoted biblical-style language such as “Hear me now, for I speak as an angel in the words of God” and “In casting truth into the darkness of your shadow, you have gravely sinned.” The hacker also incorporated lyrics from Nirvana’s song “Come As You Are”: “Take your time, hurry up, the choice is yours, but don’t be late.” The intrusion concluded with a signature line reading “With Lucid Love, Selah.” The timing coincided with April Fool’s Day, though no explicit claim linked the hack to the holiday beyond the coincidence.

The New York Post detected the breach shortly after the alerts were distributed and initiated a public response within hours. Early on Sunday, April 2, the organization issued an apology via Twitter and a corrective mobile notification, explicitly stating, “The push alert system for our mobile app was compromised this evening. Please accept our apologies.” No technical details regarding the intrusion vector, duration of access, or remediation steps were disclosed publicly. The incident caused reputational disruption due to the politically charged and religious content broadcast to app subscribers. No collateral impacts—such as data theft, service outages, or secondary malware deployments—were reported. The attacker’s identity and motives remained undetermined, with no subsequent claims of responsibility or further communications from the “Selah” persona. The Post’s acknowledgment and apology marked the conclusion of its documented response to the event.