Stuff.co.nz: we got hacked
A rough day at the office for Fairfax site's new editor.
A rough day at the office for Fairfax site's new editor.
Stuff.co.nz says it was one of several media websites targeted by hackers overnight.
The hack resulted in a pop-up add with the text "You've been hacked by the Syrian Electronic Army (SEA)."
The breach occurred via Gigya, a third-party US company which provides commenting and sharing services to various sites worldwide, including Stuff, the LA Times and the Independent, which were all affected.
Gigya says user data was not compromised in the attack.
However, it did result in Stuff disabling comments, and reporting that logins were missing (an NBR reporter says his personal login was unaffected).
It was a rough start for Patrick Crewdson, who has just been promoted from news editor to Stuff editor.
In a statement issued by Stuff publisher Fairfax, (below) Mr Crewdson said assured readers their personal information is safe.
"We treat any breach of services we use very seriously. We have no reason to believe any user information was compromised, and we're working with Gigya to make sure such a breach doesn't happen again," the editor said.
-------------
RAW DATA: Fairfax statement:
We'd like to reassure you regarding an issue that a number of our users have experienced this morning.
A worldwide hacking operation hit several major companies and media websites overnight, including stuff.co.nz.
There is no reason to believe any personal data was compromised.
Gigya, a third-party United States company which provides commenting and sharing services, had its domain registrar breached, which resulted in websites pointing to a new website, operated by the Syrian Electronic Army, when people tried to access them.
Stuff.co.nz was affected, along with Forbes, The Independent, The Daily Telegraph, The Chicago Tribune, Italy's La Repubblica and The Los Angles Times.
Companies including Dell, Microsoft, Ferrari and humanitarian organisation Unicef were also targeted.
The hack resulted in an image with the text "You've been hacked by the Syrian Electronic Army (SEA).
Gigya chief executive Patrick Salyer has advised that at no point was any user data compromised.
"To be absolutely clear: neither Gigya's platform itself nor any user, administrator or operational data has been compromised and was never at risk of being compromised. "Rather, the attack only served other JavaScript files instead of those served by Gigya."
Our editor, Patrick Crewdson, would like to assure you that your personal information is safe.
"We treat any breach of services we use very seriously. We have no reason to believe any user information was compromised, and we're working with Gigya to make sure such a breach doesn't happen again."
If you've been affected, thanks for your patience while we deal with this matter.