By Trisha Thadani and Kiera BlessingGlobe Correspondents November 28, 2014
Boston.com and several other news and retail websites could not be accessed for a time Thursday after a third-party service provider used by the sites was hacked.
A group called the Syrian Electronic Army claimed responsibility, according to a statement from the third-party sever, Gigya. The Syrian Electronic Army supports Syrian president Bashar Assad and claims to have hacked dozens of websites, such as CNN, Forbes, UNICEF, and Microsoft.A post on Gigya’s blog by chief executive Patrick Salyer said the company experienced “sporadic failures” with access to its service starting about 6:45 a.m. Thursday. The issue was largely resolved by 7:40 a.m.
The company said no user data had been compromised.
“To be absolutely clear: Neither Gigya’s platform itself nor any user, administrator, or operational data has been compromised and was never at risk of being compromised,” Salyer said.
When users accessed the affected websites Thanksgiving morning, they were greeted by a pop-up that read, “You’ve been hacked by the Syrian Electronic Army (SEA),” and then were redirected to an image of the group’s logo, according to an article on Boston.com.
Boston.com deputy editor Hilary Sargent said she was not aware of the site previously being affected by such an episode.
The hackers took control of Gigya’s domain name and altered its settings to direct users to another website, Salyer said.
Several affected companies, including Office Depot, the New York Daily News, the Dallas Morning News, and Boston.com confirmed that they had been affected. Others, such as Microsoft, said they were not aware of any problem with their website, despite the Syrian Electronic Army’s claims.
Salyer said Gigya has “the highest levels of security around our service and user data” and that the company has “put additional measures in place to protect against this type of attack in the future.”
In October, the Massachusetts Maritime Academy’s website was hacked by an extremist group three times in two days. Those trying to use the site were redirected to a photo of what appeared to be a soldier’s grave, with Arabic writing beneath the photo.
The academy’s president, Rear Admiral Richard Gurnon, called the hack a “case of mistaken identity,” saying the website could be mistaken for the Naval Academy’s by someone who doesn’t speak English well.
The Maritime Academy’s site was taken offline until the issue was resolved.
The Syrian Electronic Army does not claim to have any affiliation with extemists.
Trisha Thadani can be reached at [email protected]. Kiera Blessing can be reached at [email protected].