Syrian Electronic Army hacks websites via Gigya’s login service

5 Comments

Visitors to some large media and entertainment websites on Thursday — including NBC, The Independent and NHL.com — were greeted by pop-up messages that said those sites had been hacked by the Syrian Electronic Army. According to an analysis by the Independent, the hack used a vulnerability in the DNS settings of Gigya, a service that many large websites use to handle comments and social logins, which the company says it has now repaired.

In a post on its blog, Gigya said that the Syrian Electronic Army modified the WHOIS record for its website and pointed it to a different DNS (domain name system) server, which in turn pointed Gigya’s content delivery network or CDN domain to a server run by the SEA:

Gigya, which recently raised $35 million in a round of venture financing led by Intel’s investment fund, is a San Francisco-based company that provides social-login and marketing services to more than 700 firms worldwide, and processed more than a billion logins this year, according to information it provided to the New York Times.

B3c-PKRIYAAaK02

Gigya said in its post that no user data was compromised or lost in the attack, and the DNS settings have been repaired — although it may take some time for all sites to be updated, because of the way the domain-name system works. The company added that it maintains “the highest levels of security around our service and user data” and that it has “put additional measures in place to protect against this type of attack in the future.”

The Syrian Electronic Army has become notorious for such hacks over the past few years, including attacks that compromised PayPal, Microsoft and Facebook. The Army is made up of hackers who support Syrian president Bashar al-Assad, and it is believed to be run with official government approval.

5 Comments

Jonsy13

so does this mean the user connecting to the website at this time was hacked and is currently at risk on their own local system and network? or was it simply the website hacked?

dailytut

Gsmarena hacked recently and the users were redirected to attackers website. too bad that these hackers are going wild against some review sites, ad serving networks.

Robin.
dailytut

Natt Farinn

It wasn’t. Goal.com uses Gigya widgets on their site. I suppose every single Gigya client had this problem yesterday.

Comments are closed.