Cyber Incident Victim: New York Post

On October 27, 2022, the New York Post experienced a cybersecurity breach resulting in unauthorized publication of offensive content across its digital platforms. Attackers gained control of the newspaper’s website and verified Twitter account, posting disturbing headlines targeting prominent political figures including NYC Mayor Eric Adams, Representative Alexandria Ocasio-Cortez (D-NY), NY Governor Kathy Hochul, Texas Governor Gregg Abbott, Representative Adam Kinzinger (R-IL), President Joe Biden, and his son Hunter Biden. The compromised content appeared on both the Post’s website and social media channels before being detected. The newspaper acknowledged the breach via Twitter, stating it had been hacked and initiated an investigation while removing the offensive material from all affected platforms. Initial reports indicated uncertainty regarding the intrusion method, with no immediate claims of responsibility from external threat actors.

The following day, October 28, the New York Post attributed the incident to an internal employee, whom they subsequently fired. Their investigation concluded the unauthorized actions were committed by this individual, though no technical details about access methods or motives were disclosed. This incident occurred against a backdrop of recent cyberattacks targeting media organizations, notably the Fast Company breach one month prior where attackers exploited a WordPress content management system (CMS) to push racist notifications via Apple News. While no direct connection was established between the Post hack and the Fast Company incident—claimed by threat actor "Thrax"—the Post’s parent company, News Corp, had separately disclosed a "persistent" cyberattack targeting its systems in February 2022. The Post confirmed no additional compromised systems beyond the website and Twitter account, emphasizing prompt removal of what it described as "vile and reprehensible" content.