AP Stylebook phishing alert sent in July officially linked to data breach

In July, I received a notice from the Associated Press that I should beware of phishing emails impersonating the AP Stylebook, followed a few weeks later by a password reset notification. Now, a letter posted to the Maine Attorney General’s office confirms that both notices were related to a single data breach.

Beware of AP Stylebook Phishing

When I first got the phishing alert, I was intrigued. It plays right in line with what criminals would normally do, but the target list is a bit unique. A few weeks later, on August 9, 2023, users of the AP Stylebook were sent a follow-up email informing them of a forced password change the next time they accessed the website.

While the cause for the phishing alert and forced password change was not explained, it’s clear now this was part of the recovery process related to the data breach.

Most of the customers of the AP Stylebook are journalists, editors, and writers within the corporate world, who use the guide to define their voice when presenting works to the public.

However, consider for the moment that like many other professions, writing isn’t really a high security coverage area, and those targeted by phishing scams leveraging the AP Stylebook as a lure might not realize that something is wrong.

After all, the general public is trained to look for phishing attacks related to things like Amazon, banking, social media, personal or corporate email, etc. Those trained to spot and question random billing notices might have been protected from the AP Stylebook scam, but that isn’t a 100% certainty.

AP Stylebook phishing warning sent to me in July of 2023.

While almost certainly opportunistic, data breaches such as this one could have a long-tail effect, stretching far beyond the first level of victims. Access to a media organization could lead to an untold amount of actionable data, including news sources, pending story content (market data), additional targets (think supply chain attacks), and more.

Data breach confirmed

According to the letter sent to the 224 people impacted by the data breach, criminals compromised an old AP Stylebook website (stylebooks.com) that was maintained by a third-party.

Stylebooks.com notified the AP Stylebook team about the breach on July 20. Subsequent investigation into the matter concluded that the threat actors had access to the system for a few days between July 16 and July 22, 2023. It was around this time that the phishing emails were sent.

Once the website was compromised, those responsible for the breach accessed customers records, including name, email address, mailing address (street, city, state, zip), telephone number, and usernames.

However, because some customers submitted a claim to be tax exempt, which means providing a Social Security Number or Taxpayer ID Number, and the AP Stylebook team cannot rule out that these identifiers were compromised too, they were proactively listed as a compromised asset.

Those affected by the incident are being notified directly, and will have 24-months of credit monitoring and identity restoration services by Experian available to them.