The Washington Post has alerted job seekers who use its employment pages of a data breach that compromised up to 1.27 million accounts.
The publisher wrote on its website that the "Jobs" section was attacked by an "unauthorised third party" once on 27 June and once on 28 June. The attackers obtained user IDs and e-mail addresses, but did not get passwords or other personal information.
"We are taking this incident very seriously," the Washington Post said. "We quickly identified the vulnerability and shut it down, and are pursuing the matter with law enforcement. We sincerely apologise for this inconvenience."
The attacks on the Washington Post follow a string of well-publicised hacking incidents affecting business and government websites from groups such as Anonymous and the now-disbanded Lulz Security, both of which struck high-profile organisations and have released sensitive data.
The Washington Post warned that users whose data was compromised could receive spam. Email addresses - while commonly publicly disseminated - are particularly useful for hackers since they can craft targeted messages with links leading to websites that could infect victim's computers with malicious software.
The publisher said it had implemented security measures to prevent such an attack in the future and is also auditing the Jobs site for other possible security issues.