Taboola hack allows SEA to redirect Reuters site visitors

On Monday, ad network Taboola confirmed that it was hacked by the Syrian Electronic Army.

Ad network Taboola, whose widget was hosted on Reuters.com, has revealed that it was compromised by the Syrian Electronic Army.

Over the weekend, reports began to surface of Reuters site visitors being redirected to a hacker-operated web page. By Monday, Taboola had confirmed via a company blog post that it was hacked on Sunday morning, and had laid out the chain of events that led to the incident.

Ultimately, users trying to read a Reuters article titled, “Attack from Syria kills teen on Israeli-occupied Golan,” were redirected to a page saying, “hacked by Syrian Electronic Army.” A message also taunted the news organization, telling Reuters to “stop publishing fake reports and false articles about Syria.”

According to Taboola, hacktivists used a phishing lure to carry out the feat.

“The attacker used the fact [that] a Taboola user, who had access to widget editing capabilities within our back-office dashboard ("Backstage"), used the same password for [their] email account and Backstage,” the blog post said. “This user fell victim to a targeted phishing attack, and provided their email password to the attacker. While we used two-factor authentication for our email, we didn't use such methods for Backstage, and so the attacker was able to get in.”

With newfound access, SEA was able to edit the header of a Reuters widget, adding an HTML meta refresh tag, which allowed the redirection, Taboola revealed.

Last August, SEA used a similar attack scheme to target The Washington Post, CNN and Time. In that incident, visitors who clicked recommendation links featured on any of the victim sites were redirected to pages controlled by the pro-Assad hacker collective. To facilitate the hack, SEA compromised a third-party content recommendation service called Outbrain.

As of Monday, Taboola said the SEA incident was “fully resolved,” after it blocked the attacker's access to the account in question.

The company also said that it would develop two-factor authentication for Backstage users, and remove a dashboard feature which allows users to enter HTML snippets for widget parts.
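For publishers and widget operators who still accept HTML snippets from a dashboard, the following added example (not Taboola's code and not from the original article) shows one way to flag a meta refresh tag in a submitted widget header before it is published. The function names and the sample snippets are hypothetical and constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Pulls the target out of a refresh directive such as "0; url=https://host/".
_TARGET_RE = re.compile(
    r"^\s*[\d.]*\s*[;,]?\s*(?:url\s*=\s*)?['\"]?(?P<url>[^'\"]*)", re.I)


class MetaRefreshFinder(HTMLParser):
    """Collects every <meta http-equiv="refresh"> found in an HTML snippet.

    A real HTML parser is used instead of a regex over the raw text so that
    tag case, attribute case and quoting style do not hide the tag.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("http-equiv", "").strip().lower() != "refresh":
            return
        content = attr.get("content", "")
        match = _TARGET_RE.match(content)
        target = match.group("url").strip() if match else ""
        # An empty target means the page reloads itself; still unexpected
        # inside a third-party widget, so it is reported as well.
        self.findings.append({"content": content, "target": target})


def find_meta_refresh(snippet):
    """Return a list of refresh directives found in the snippet."""
    finder = MetaRefreshFinder()
    finder.feed(snippet)
    finder.close()
    return finder.findings


# Constructed sample inputs (not taken from the incident).
BENIGN = '<div class="widget-header"><h3>From around the web</h3></div>'
TAMPERED = ('<div class="widget-header"><META HTTP-EQUIV="Refresh" '
            'CONTENT="0; URL=https://redirect.example/"></div>')

if __name__ == "__main__":
    for name, snippet in (("benign", BENIGN), ("tampered", TAMPERED)):
        print(name, find_meta_refresh(snippet))
```

A check like this belongs on the server that stores the snippet, with any finding blocking publication and raising an alert for the account that submitted it.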
