InMotion, where Blast hosts one of its servers, acknowledged the breach.
“At around 4 a.m. EST, our system administration team identified a website defacement attack affecting a large number of customers. We are still investigating, but it appears that files named index.php have been defaced. We are evaluating how this has occurred and our security team will have more information shortly,” InMotion said in a statement. “While we review this issue, cPanel and SSH access has been disabled on various platforms. For additional security, we are rotating passwords on a number of accounts.”
It is unclear how many sites were hit, but it is likely hundreds, if not thousands.
This morning, the Blast homepage was briefly replaced by a black background with the red letters “Hacked” (See photo below) and all of our blogs and articles were unreachable.
This appears to be the same hacker who successfully attacked Google previously. The Hacker News interviewed TiGER-M@TE, who claimed to be hacking since 2007, working alone, and only using private exploits and zero-day attacks.
In an online posting, TiGER-M@TE claimed responsibility for launching the homepage defacement attack.
“While we can respect TiGER-M@TE’s abilities, we are disappointed that our websites were hit,” said Blast Magazine editor-in-chief John M. Guilfoil. “What truly concerns me, however, is that InMotion Hosting appeared woefully unable to prevent or defend against this kind of attack, even though homepage defacements have been going on seemingly forever. We will consult with InMotion on Monday and plan to press the company to be more proactive in its security if InMotion values its customers.”