Do you read The Onion?
The Onion was hacked Monday by the Syrian Electronic Army (SEA), a pro-Assad group of “hacktivists.”
Hoping to prevent future hacking attacks on other companies, The Onion’s tech team wrote a blog post detailing how the SEA gained access to the satirical website’s Twitter account. According to the site’s techies, the SEA “phished Onion employees’ Google Apps accounts via three separate methods.” In the end, the hacker was able to compromise at least five accounts.
So what exactly did the phishing attack look like? The SEA sent phishing emails to various Onion employees starting around May 3. The link in the email looked like it would take a reader to a Washington Post story, but it redirected to a different website, which redirected to another website that asked for Google Apps credentials.
Once the SEA had access to one employee’s account, they sent more phishing emails to employees via the compromised account. Now that the email seemed to be originating from a trusted source, more employees clicked on the link and two employees entered their credentials.
After learning that at least one employee account had been hacked, the tech team sent a company-wide email asking employees to change their email passwords ASAP. However, the SEA used an “undiscovered compromised account” to send a similar email which contained a link to the phishing page camouflaged as a password-reset link. This third email compromised several more accounts. One of these accounts had access to The Onion’s Twitter account.
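Both lures described above, the link that appeared to lead to a Washington Post story and the fake password-reset link, can be screened for in inbound HTML mail. The following is an added example, not code from The Onion's tech team: it flags links whose visible text names one domain while the href points to another, and reset-style links that lead away from the real login domain. The `.example` hosts, the sample message and the `TRUSTED_LOGIN` allowlist are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
RESET_WORDS = re.compile(r"password|reset|sign in|log ?in", re.I)
TRUSTED_LOGIN = {"google.com"}  # assumption: domain where genuine resets happen

def base_domain(host):
    # Crude registrable domain (last two labels); use a public-suffix list in production.
    return ".".join(host.lower().split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body, trusted_login=TRUSTED_LOGIN):
    """Return (href, reason) for links that look deceptive. Only the first hop is
    inspected; a redirect chain behind a plausible first hop is not followed."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        target = base_domain(urlsplit(href).hostname or "")
        shown = {base_domain(h) for h in HOST_IN_TEXT.findall(text)}
        if shown and target not in shown:
            findings.append((href, "text-host-mismatch"))
        elif RESET_WORDS.search(text) and target not in trusted_login:
            findings.append((href, "reset-link-off-domain"))
    return findings

# Constructed sample message body (not taken from the actual incident).
SAMPLE_EMAIL = """<p>Worth a read:
<a href="http://news-mirror.example/wp/story">http://www.washingtonpost.com/blogs/story</a></p>
<p><a href="https://www.washingtonpost.com/world/">www.washingtonpost.com/world</a></p>
<p>IT notice: <a href="http://accounts-reset.example/login">Reset your password</a>
or <a href="https://accounts.google.com/">change your password at Google</a>.</p>"""
```

A check like this catches the mismatch even when the message comes from a trusted internal sender, which is the situation the second and third waves relied on.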
In typical Onion fashion, the newspaper made fun of itself after being hacked by the SEA. “Onion Twitter Password Changed To OnionMan77. ‘That Ought To Do It,’ Company Sources Confirm,” The Onion tweeted shortly after the company’s tech team requested a password reset on every employee’s Google Apps account.
The SEA hacked the NPR publishing system in April. The titles of several of NPR’s stories were changed to “Syrian Electronic Army Was Here.”
Do you read The Onion? Why did the SEA target The Onion? What can companies do to protect their accounts from being hacked? Share your thoughts in the comments section.