The Washington Post said that a hacker had gained access to nearly 1.3 million email addresses and user IDs on its online jobs section.
The Post said no passwords or other personal data were compromised in the attack on the jobs section of WashingtonPost.com which occurred last week.
"We quickly identified the vulnerability and shut it down, and are pursuing the matter with law enforcement," the Post said. "We sincerely apologize for this inconvenience."
The Post said users of the jobs site were informed of the incident by email and told to beware of unsolicited emails that try to trick them into giving up personal information such as credit cards, passwords or bank account numbers.