A wide proportion of sites, including CNBC, the Canadian Broadcasting Corporation and the Boston Globe in North America, and The Telegraph, OK Magazine, Time Out in the UK were attacked via an exploit in the websites’ content delivery networks.
CNET describes the attack as ‘indirect’, switching addresses through Gigya – “a startup that handles identity matters”. They didn’t gain access to Gigya’s servers, but redirected traffic to their own, which resulted in a pop-up message that told users “You’ve been hacked by the Syrian Electronic Army.” The Independent – one of the sites hit by the attack – claims that Gigya’s DNS records were changed through GoDaddy.
“Gigya has the highest levels of security around our service and user data. We have put additional measures in place to protect against this type of attack in the future,” he added.
Despite this, the attack will have unsettled those who saw the messages during their visits to well respected sites. As CNET puts it: “Nevertheless, the attack, which was very visible to many users, shows the influence a hacking group can have even without getting detailed customer data. And with major attacks on companies like Target, Nieman Marcus and Home Depot fresh in mind, people have a right to be on edge.”