Harper’s Magazine, the monthly longform journalism and essay publication, has warned subscribers that their passwords may have been stolen by hackers.
On Thursday several subscribers tweeted screenshots of an email that Harper’s sent. “It has come to our attention that your username and password for Harpers.org may have been compromised,” the email reads.
Some subscribers initially thought the email may have been a phishing attempt, designed to steal their password. The password reset link in the email leads to an URL from Buysub, and not the Harper’s website itself. Buysub is one of the largest magazine subscription commerce sites on the web, according to its website.
But, the warning email from Harper’s was real, according to Giulia Melucci, vice president of public relations at Harper’s.
“The email was legitimate. We have reason to believe that subscriber passwords may have been compromised. We are investigating the matter now,” she told Motherboard in an email.
However, at the time of writing subscribers are unable to change their passwords: Buysub’s website is currently down. CDS Global, which provides the Buysub service, did not immediately respond to a request for comment on whether other publications are affected by this potential data breach.
Even if subscribers can’t change their password on Harper’s right now, it would be a good idea to change passwords on any sites that use the same one, since those credentials may already be in the hands of hackers.
The lesson: Even if subscribers can’t change their password on Harper’s right now, it would be a good idea to change passwords on any sites that use the same one, since those credentials may already be in the hands of hackers.