What is interesting about the hack is that the simple compromise of an ad service (Taboola) was able to inflict this damage. At no time was the actual Reuters page changed. Taboola the ad agency in question admitted that they were responsible for the issue and also stated that they were able to clean up the issue in about 35 minutes once detected. The total time of the hack was about an hour.

Now to make things even more interesting Taboola claims they use two factor authentication, but still fell victim due to a phishing scam. This means that the SEA was able to get through the mainline defenses by compromising someone on the inside with access to what they wanted.

This brings into question just how secure are the companies that manage the ads on sites. This is not the first time we have seen malicious code in an ad module affect readers. Fortunately this time it was a simple redirect and not the spread of malware. If the SEA had a much more malicious intent in mind they could have affected a large number of systems by dropping the code onto anyone that happens by (an hour is a long time).

As of this writing Taboola says they have fixed the entry vector and restored the ad module to proper working order. They have yet to respond to claims that the SEA has hacked into their PayPal account.

Tell us what you think in our Forum