The Syrian Electronic Army has hacked the Washington Post mobile site. According to reports, visitors to the Post’s mobile site (m.washingtonpost.com) were presented with pop-up messages saying “You’ve been hacked by the Syrian Electronic Army.”
The attack is as a result of a flaw in Washington Post content-delivery partner, Instart Logic. According to the Washtington Post, Instart Logic is currently investigating the break-in.
Washington Post chief information officer Shailesh Prakash said Thursday’s attack affected the Post’s mobile homepage and “some section fronts on the mobile site,” but not article pages.
“The situation has been resolved and no customer information was impacted,” said Prakash in a statement.
Elias Manousos, CEO of security vendor RiskIQ explained the problem of websites relying on third party providers. “Our researchers recently found that 61 percent of bank websites are hosted externally. The problem is that just like with any technology, third-parties have vulnerabilities too. Things like exploits, crimeware or phishing sites can all be exposed to users very easily if for instance a CDN or digital ad is breached.
“With so many third-party technologies integrated into so many websites, it’s extremely difficult for organizations to defend their digital footprint from this form of attack.”