Syrian Electronic Army hack hits sites using Gigya, but all data safe

By exploiting a hole in the system that handles domain names such as independent.co.uk, hackers were able to re-direct users

Andrew Griffin
Thursday 27 November 2014 14:18

Sites using the popular Gigya comment platform were attacked by the Syrian Electronic Army (SEA) today, as hackers used the system that handles domain names to show visitors SEA messages and re-direct them to different websites.

The Gigya platform itself was not hacked, said experts, and no user data is or was in jeopardy.

The attack hit websites across the world, including news websites and those of sports teams and leagues.

Hackers attacked the Gigya DNS entry at GoDaddy. GoDaddy is a domain registrar that manages domain names, and DNS (Domain Name System) is a technology used to translate domain names such as independent.co.uk into directions to the website itself.

The attackers were able, in some cases, to change those directions to point towards messages or images hosted on other websites.

Some users saw messages that said “You’ve been hacked by the Syrian Electronic Army,” while others were re-directed to a page on image hosting site Imgur that showed a crest often used by the group.

Gigya and GoDaddy worked together to fix the issue, which has now been resolved. The redirection has been removed, though the fix might take some time to reach all users.

Patrick Salyer, Gigya's CEO, said that no data had been compromised and none was ever at risk.

"Neither Gigya’s platform itself nor any user, administrator or operational data has been compromised and was never at risk of being compromised," he said. "Rather, the attack only served other JavaScript files instead of those served by Gigya."