Sites using the popular Gigya comment platform were attacked by the Syrian Electronic Army (SEA) today, as hackers used the system that handles domain names to send them SEA messages and re-direct them to different websites.
The Gigya platform itself was not hacked, said experts, and no user data is or was in jeopardy.
The attack hit websites across the world, including news websites and those of sports teams and leagues.
Hackers attacked the Gigya DNS entry at GoDaddy. GoDaddy is a domain registrar that manages domain names, and DNS (Domain Name System) is a technology used to translate domain names such as independent.co.uk into directions to the website itself.
The attackers were able, in some cases, to change those instructions to point towards messages or images, hosted on other websites.
Some users saw messages that said “You’ve been hacked by the Syrian Electronic Army,” while others were re-directed to a page on image hosting site Imgur that showed a crest often used by the group.
Gigya and GoDaddy worked together to fix the issue, which has now been resolved. The redirection is now removed, though the fix might take some time to be shown for all users.
Patrick Salyer, Gigya's CEO, said that no data had been compromised and none was ever at risk.