The Syrian Electronic Army (SEA) managed to hack Reuters again and redirect quite a few of its visitors to a site under its control on Sunday.
The message on the landing page read, “Stop publishing fake reports and false articles about Syria! UK government is supporting the terrorists in Syria to destroy it. Stop spreading its propaganda.”
Unlike previously, the latest hack didn’t target Reuters directly, but the hack was carried out through one of the advertising networks the news agency uses – Taboola.
Taboola, which offers its services to a number of large media companies, is a content and advertising network that provides content recommendations to news and blog readers
Taboola acknowledged that intruders managed to hack Taboola’s widget on Reuters.com and because of that they were able to redirect users accessing article pages on reuters.com to a different landing page. Taboola claims that the breach was contained in about 35 minutes, while the total duration of the event was 60 minutes.
“While we use 2-step authentication, our initial investigation shows the attack was enabled through a phishing mechanism. We immediately changed all access passwords, and will continue to investigate this over the next 24 hours”, said Taboola founder and CEO Adam Singolda in a blog post.