Visitors to some large media and entertainment websites on Thursday — including NBC, The Independent and NHL.com — were greeted by pop-up messages that said those sites had been hacked by the Syrian Electronic Army. According to an analysis by the Independent, the hack used a vulnerability in the DNS settings of Gigya, a service that many large websites use to handle comments and social logins, which the company says it has now repaired.
In a post on its blog, Gigya said that the Syrian Electronic Army modified the WHOIS record for its website and pointed it to a different DNS (domain name system) server, which in turn pointed Gigya’s content delivery network or CDN domain to a server run by the SEA:
[blockquote person=”” attribution=””]”At approximately 6:45 AM EST we identified sporadic failures with access to our service. An initial inquiry has revealed that there was a breach at our domain registrar that resulted in the WHOIS record of gigya.com being modified to point to a different DNS server. That DNS server had been configured to point Gigya’s CDN domain (cdn.gigya.com) to a server controlled by the hackers, where they served a file called ‘socialize.js’ with an alert claiming that the site had been hacked by the Syrian Electronic Army.”[/blockquote]
Gigya, which recently raised $35 million in a round of venture financing led by Intel’s investment fund, is a San Francisco-based company that provides social-login and marketing services to more than 700 firms worldwide, and processed more than a billion logins this year, according to information it provided to the New York Times.
Gigya said in its post that no user data was compromised or lost in the attack, and the DNS settings have been repaired — although it may take some time for all sites to be updated, because of the way the domain-name system works. The company added that it maintains “the highest levels of security around our service and user data” and that it has “put additional measures in place to protect against this type of attack in the future.”
The Syrian Electronic Army has become notorious for such hacks over the past few years, including attacks that compromised PayPal, Microsoft and Facebook. The Army is made up of hackers who support Syrian president Bashar al-Assad, and it is believed to be run with official government approval.