Multiple websites using the Gigya commenting service (aka 'customer identity management platform') - reportedly including high-traffic sites such as those operated by Aljazeera, CNBC, CNN, Dell, Microsoft, National Geographic, Nine News Australia, Red Bull, Stuff (New Zealand), UNICEF and William Hill Betting - have been displaying messages suggesting the site or its users had been hacked by the Syrian Electronic Army.
This was achieved by altering Gigya's DNS record at domain registrar GoDaddy, so that traffic intended for Gigya was redirected to other sites.
DNS records determine how domain names are translated into IP addresses.
More than 700 sites may have been affected. Gigya claims to be "trusted by more than 700 leading brands."
Gigya CEO Patrick Salyer said "To be absolutely clear: neither Gigya's platform itself nor any user, administrator or operational data has been compromised and was never at risk of being compromised."
He added "Gigya has the highest levels of security around our service and user data. We have put additional measures in place to protect against this type of attack in the future."
And stuff.co.nz editor Patrick Crewdson said "We treat any breach of services we use very seriously. We have no reason to believe any user information was compromised, and we're working with Gigya to make sure such a breach doesn't happen again."
A tweet from @Official_SEA16 said the attack was harmless, and that users could protect themselves against similar but more malicious attacks by using the NoScript add-on for Firefox. NoScript blocks JavaScript and certain other types of content from running on web pages unless they have been whitelisted.
The Syrian Electronic Army has previously claimed responsibility for attacks on major media organisations including the BBC and the New York Times (also via a domain registrar, in that case Melbourne IT).