Syrian Electronic Army targets widget used by many publishers to surface content that the reader might like.
Taboola, a widget used by many electronic publishers to help readers find additional content, was hacked by the Syrian Electronic Army (SEA) yesterday.
"Today [Monday], between 7AM - 8AM EDT, an organization called the Syrian Electronic Army hacked Taboola’s widget on Reuters.com," said Taboola founder and CEO Adam Singolda in a blog. "The intruder was redirecting users that accessed article pages on reuters.com to a different landing page."
Taboola is also used by other popular websites, including Time, The Weather Channel, BBC, and USA Today, but the Reuters hack is the only one mentioned in the blog.
Taboola did not immediately address the SEA's claims that it had also hacked Taboola's PayPal account. The SEA posted a copy of what appears to be the PayPal page of Taboola on its website.
"The breach was detected at approximately 7:25am, and fully-removed at 8am," said Singolda. "There is no further suspicious activity across our network since, and the total duration of the event was 60 minutes.
"While we use 2-step authentication, our initial investigation shows the attack was enabled through a phishing mechanism. We immediately changed all access passwords, and will continue to investigate this over the next 24 hours."
"Websites need to think long and hard not only about the security of their own servers, but whether the companies who are providing widgets and plugins that power the websites are taking security as seriously themselves," said security expert Graham Cluley in a blog about the incident. "After all, at the end of the day, the typical user is going to view the incident as Reuters being hacked – not Taboola."