Connect with us

Hi, what are you looking for?



Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach

Cybercriminals breached an AP Stylebook website and obtained information on customers who were then targeted in phishing attacks. 

The Associated Press is informing some AP Stylebook customers that their information has been compromised as a result of a data breach impacting an old website.

The AP Stylebook, a writing and editing guide that is widely used by corporations and newsrooms, is hosted on However, an older version was until recently also available, on This older version, which a third party had maintained on behalf of AP, was no longer in use, but it was still accessible.

Threat actors hacked into the old site and managed to obtain the information of more than 220 customers, including their name, postal address, email address, phone number, and user ID. In some cases, customers also provided social security numbers or taxpayer IDs, which may have also been stolen by hackers.

The third party that maintained the old site informed AP on July 20 that some users had received phishing emails pointing to a fake AP Stylebook website that instructed them to provide updated payment card information. 

An investigation showed that the information of the AP Stylebook customers targeted in the phishing attacks was obtained from the old website, with attackers having access to the site between July 16 and July 22. 

In response to the incident, the old website was shut down and AP also managed to disable the phishing site a few days after the attack came to light. While the new AP Stylebook website has not been impacted, users are being forced to change their passwords as a precaution.

The Associated Press warned AP Stylebook customers about the phishing emails in late July, but at the time it did not mention the data breach.

Advertisement. Scroll to continue reading.

Impacted customers are being offered two years of free credit monitoring and identity restoration services. 

While AP’s notification to customers does not mention the number of affected individuals, information submitted to the Maine attorney general’s office revealed that the total number of impacted people is 224.

Related: Salesforce Email Service Zero-Day Exploited in Phishing Campaign

Related: New Phishing Campaign Launched via Google Looker Studio

Related: Breached American Airlines Email Accounts Abused for Phishing

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The easiest way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Fraud & Identity Theft

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was Chief Hacking Officer at...


The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...


The Single Most Important Part of Dealing with a Phishing Attack is Preparing for the Attack Before it Actually Happens.


Enterprise users have been warned that cybercriminals may be trying to phish their credentials by luring them with fake emails that appear to be...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...