Popular blog site Boing Boing announced Monday that it had been hacked by an unknown party who injected malicious code into its site. According to the group blog, the code was injected into its WordPress themes and was designed to redirect readers to a malware page.
“Around 11:30 EST on January 10th, an unknown party logged into Boing Boing's CMS using the credentials of a member of the Boing Boing team,” Boing Boing wrote in a post.
“They proceeded to install a widget into our theme that allowed them to redirect users to a malware page hosted at a third party.”
Pointing to the nature of programmatic advertising, Boing Boing said it had mistaken the code for a “malicious adscript” that redirects users to an unsecured page. With this in mind, the site responded by reporting the activity through its ad partner's “bad ad” reporting page.
While the malicious code was later revealed not to be an ad, Boing Boing claimed that the report enabled its ad partner to identify the issue and inform the site about the specifics of the attack.
“Once this was confirmed, we removed the offending code immediately from our servers and our CDN partners,” the blog explained.
“The BB team then proceeded to change passwords, access tokens, confirm access rights, and perform log analysis of the behavior of the user. As stated in our privacy policy, we only keep 72 hours worth of logs, but this was sufficient to track down the malicious activity and user account in question and react accordingly. We also took steps to modify our CMS to ensure a separate audit log (outside our 72-hour access logs) will be maintained in the future to help us track down administrative actions within our publishing software in the event of future breaches, so we are able to take action and determine the scope of a breach more thoroughly in the future.”
According to an article by Graham Cluley, desktop users who visited the site were redirected to a malicious Adobe Flash update download page. Meanwhile, those who visited the site on Android devices were “presented with a pop-up purporting to come from Google, claiming that their phone was unsafe.”
In response to the incident, Boing Boing advised those who had visited the site over the weekend to run local anti-virus and malware scanners. To prevent the same attack from happening again, the popular blog site also said it had taken various security measures and had its employees change their login credentials.
“From a systems security perspective, this is an excellent cautionary tale of the importance of individual user security,” Boing Boing added.