A number of high-profile American news outlets, including the Washington Post, Time Magazine, and CNN, were compromised by hackers from the Syrian Electronic Army (SEA) earlier this week. According to a report published by the BBC, the websites of the three news entities were overcome by links that re-directed to the SEA website, a result of a hacking attack on a link recommendation service called Outbrain.

The hackers, who are said to be extremist supports of Syrian President, Bashar al-Assad, took advantage of the linking service via a password phishing email that landed in the inboxes of Outbrain employees earlier this week. The email masqueraded as a message from Outbrain’s CEO, and several employees fell for it, giving the SEA access to company passwords. The hackers then played around with software settings designed to control the links on pages of several Outbrain clients, including CNN, Time, and the Washington Post.

It took Outbrain 11 minutes to notice the change, and another half hour to essentially shut down their service. In that time, the links provided by Outbrain directed readers of the aforementioned news outlets to the website for the Syrian Electronic Army. CNN and the other affected outlets quickly disabled the Outbrain plug-in to prevent sending more readers to the SEA site. Outbrain, meanwhile, relaunched seven hours later with the problem corrected (and the passwords changed), but the hack was still an alarming incident that sent shockwaves throughout the media.

Chester Wisniewski, a senior security adviser at the antivirus company Sophos, thinks things could have been even worse if the SEA hackers had wanted them to.

“In this case it may only be sending you to the Syrian Electronic Army’s website but it could also be used to install viruses or copy cookies to try and later impersonate a visitor,” he told the BBC.

The attack wasn’t the only media incident to involve the SEA this week. According to the managing editor at the Washington Post, employees of the newspaper were subjected to a password phishing scam earlier this week, not unlike the one that Outbrain fell victim to. Similarly, social media accounts of the New York Post were compromised earlier this week.

If the trend offers any indication, either the Syrian Electronic Army is getting more aggressive or high-profile media outlets are getting too lax about their own cyber security. As has been stated, a simple linking re-direct to the SEA site, while potentially irritating or scary, is not inherently dangerous. But with so many readers moving online and away from print media, news outlets like the Washington Post, CNN, and Time owe it to their audiences to have multiple security safeguards in place at all times, just in case viruses or spyware are on the other side of such links instead.