updated 04:02 pm EDT, Thu August 15, 2013
Outbrain spearphished by Syrian Electronic Army, service still down
Article and website recommendation service Outbrain, used by media outlets like the Washington Post, CNN, USA Today, Time, and others has suffered a hacking attack by the Syrian Electronic Army. The company's staff is to blame -- on the evening of August 14, the company was the victim of a "spear phishing" email, asking employees to input login credentials to see the letter from the purported CEO.
A setting was changed on Outbrain's administrative console to label recommendations as "Hacked by SEA". At 10:23 AM, the Syrian Electronic Army claimed responsibility for the attack. Outbrain staff was made aware of the breach 10 minutes later, and service to all customers was cut by 11:03. The company is reviewing all systems before it restarts the service. Outbrain claims that the breach is now secured, and is "working hard to prevent future attacks of this nature."
The Washington Post attack was a bit more severe -- it appears that code was injected into the Post's website using the Outbrain widget, redirecting visitors to a different website. Washington Post managing editor Emilio Garcia-Ruiz said to Mashable that the SEA "claimed they gained access to elements of our site by hacking one of our business partners, Outbrain."
The SEA's last high-profile attack was in April, when the group claimed credit for breaking into the Twitter account of the Associated Press.A false report was sent from the compromised account that claimed that a bomb had gone off in the White House. The message forced the Dow Jones industrial average down more than 100 points nearly immediately.