Report: iPhoneDevSDK Didn’t Know it Had Malicious Code

Hacker dude

We learned about iPhoneDevSDK yesterday. It’s a site that was injecting malicious code into several major tech websites. Unfortunately, the website owners didn’t know that this was happening.

According to a report from ArsTechnica, the website itself hadn’t been contacted. They learned about this through AllThignsD’s original report. Whoa, what a way to find out, eh? Must have given them a heart attack.

Apparently, one of the site’s administrator accounts was compromised, and someone used that to inject some malicious JavaScript into the site. Here’s a portion of the report:

“What we’ve learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain user’s computers.”

Employees of major tech companies like Apple, Facebook and Twitter visited the site, and the code was injected into their computers. This caused problems for all three of those major sites. Definitely not fun for the folks who run that site.

[via ArsTechnica]

About 8bitjay

Google + Profile