Cyber Incident Victim: The Wall Street Journal
Date:
Mar 2025
Location:
United States of America
Summary
Hackers compromised a section of The Wall Street Journal's website, posting a fabricated apology supporting YouTube creator PewDiePie and encouraging subscriptions to his channel amid a rivalry with T-Series. The defacement included memes and a satirical request for credit card details, though no actual data collection mechanism was present. The attackers claimed to have accessed the publication's content management system using weak credentials. The affected page, part of an advertising-related unit unaffiliated with the newsroom, was swiftly taken offline, and an internal investigation was initiated. This incident follows a pattern of online disruptions by PewDiePie supporters, including previous global printer hacks promoting the channel.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 12, 2025, hackers compromised The Wall Street Journal’s website by posting unauthorized content supporting YouTube creator PewDiePie (Felix Kjellberg). The defacement occurred in a section of the site dedicated to commercial partner content, specifically linked to cybersecurity firm Oracle. Attackers replaced legitimate content with a fabricated apology from the WSJ to PewDiePie, referencing the outlet’s prior reporting on Kjellberg’s dissemination of anti-semitic messages, which had led Disney to sever ties with him. The message falsely claimed WSJ journalists responsible for this coverage had been fired and stated the publication was sponsoring PewDiePie to help him surpass rival YouTube channel T-Series in subscriber counts. The defaced page included memes urging readers to subscribe to PewDiePie’s channel and contained a satirical request for credit card details framed as a Fortnite promotion. An individual claiming responsibility contacted Motherboard, asserting the hack was motivated by the PewDiePie vs. T-Series rivalry and alleging compromised WSJ content management system credentials due to weak security practices ("Their password was their username"). Motherboard could not verify this claim independently.
The WSJ removed the defaced page shortly after the incident. A spokesperson confirmed the compromised section was operated by WSJ Custom Solutions, an advertising unit unaffiliated with the newsroom, and stated an investigation had been launched. PewDiePie acknowledged the hack on Twitter, noting the page’s deletion. Oracle, the partner linked to the affected section, did not respond to requests for comment. The incident disrupted WSJ’s commercial content operations temporarily but did not affect core newsroom functions. It followed a pattern of fan-driven campaigns targeting entities perceived as opposing PewDiePie, including prior global printer hacks promoting his channel. The hack amplified existing controversies surrounding Kjellberg, including recent reports of him promoting channels with anti-semitic content. No evidence linked Kjellberg directly to the WSJ defacement, and his publicist did not comment. The WSJ’s public response emphasized the separation between its advertising infrastructure and editorial operations while underscoring the ongoing investigation into the breach.