Syrian Electronic Army hack hits sites using Gigya, but all data safe

By exploiting a hole in the system that handles domain names such as independent.co.uk, hackers were able to re-direct users

Andrew Griffin
Thursday 27 November 2014 14:18 GMT

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Sites using the popular Gigya comment platform were attacked by the Syrian Electronic Army (SEA) today, as hackers used the system that handles domain names to send them SEA messages and re-direct them to different websites.

The Gigya platform itself was not hacked, said experts, and no user data is or was in jeopardy.

The attack hit websites across the world, including news websites and those of sports teams and leagues.

Hackers attacked the Gigya DNS entry at GoDaddy. GoDaddy is a domain registrar that manages domain names, and DNS (Domain Name System) is a technology used to translate domain names such as independent.co.uk into directions to the website itself.

The attackers were able, in some cases, to change those instructions to point towards messages or images, hosted on other websites.

Some users saw messages that said “You’ve been hacked by the Syrian Electronic Army,” while others were re-directed to a page on image hosting site Imgur that showed a crest often used by the group.

Gigya and GoDaddy worked together to fix the issue, which has now been resolved. The redirection is now removed, though the fix might take some time to be shown for all users.

Patrick Salyer, Gigya's CEO, said that no data had been compromised and none was ever at risk.

"Neither Gigya’s platform itself nor any user, administrator or operational data has been compromised and was never at risk of being compromised," he said. "Rather, the attack only served other JavaScript files instead of those served by Gigya."

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in