Syrian Electronic Army targets widget used by many publishers to surface content that the reader might like.
Taboola, a widget used by many electronic publishers to help readers find additional content, was hacked by the Syrian Electronic Army (SEA) yesterday.
"Today [Monday], between 7AM - 8AM EDT, an organization called the Syrian Electronic Army hacked Taboola’s widget on Reuters.com," said Taboola founder and CEO Adam Singolda in a blog. "The intruder was redirecting users that accessed article pages on reuters.com to a different landing page."
Taboola is also used by other popular websites, including Time, The Weather Channel, BBC, and USA Today, but the Reuters hack is the only one mentioned in the blog.
Taboola did not immediately address the SEA's claims that it had also hacked Taboola's Paypal account. The SEA posted a copy of what appears be the Paypal page of Taboola on its website.
"The breach was detected at approximately 7:25am, and fully-removed at 8am," said Singola. "There is no further suspicious activity across our network since, and the total duration of the event was 60 minutes.
"While we use 2-step authentication, our initial investigation shows the attack was enabled through a phishing mechanism. We immediately changed all access passwords, and will continue to investigate this over the next 24 hours."
"Websites need to think long and hard not only about the security of their own servers, but whether the companies who are providing widgets and plugins that power the websites are taking security as seriously themselves," said security expert Graham Cluley in a blog about the incident. "After all, at the end of the day, the typical user is going to view the incident as Reuters being hacked – not Taboola."
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024