“They modified the CDN settings so that instead of serving PageFair's JavaScript, it served malicious JavaScript. During this time, visitors to websites owned by the publishers who have placed their trust in us were targeted by these hackers.”įollowing a spearphishing attack that gave hackers access to a key email account, a password reset was performed to hijack PageFair’s account via a Content Distribution Network (CDN) service used in serving the analytics’ Javascript tag. We identified the breach immediately, but it still took over 80 minutes to fully shut it down. He wrote, “The attack was sophisticated and specifically targeted against PageFair, but it is unacceptable that the hackers could gain access to any of our systems. On Sunday, November 1, CEO Sean Blanchfield addressed the incident with a blog entry accounting how the hack took place and the measures that were undertaken to mitigate damage caused by the breach. GMT last Saturday were likely exposed to risk, but would only be affected if they clicked on a link masquerading as an Adobe Flash update. This means that online users visiting affected sites from a Windows computer between 11:52 P.M. Hackers successfully compromised the three-year-old Ireland-based startup by making use of malicious JavaScript code injected into websites that ran the firm’s core service. PageFair confirmed a hack last Halloween weekend that rendered users who visited 501 unnamed sites that used its free analytics service vulnerable to malware attacks.
0 Comments
Leave a Reply. |