Image Credit: ZDNet
Nothing like a little healthy paranoia to make your weekend interesting.
If you needed another reason to keep your passwords different per website, we’ve got one right here for you.
A massive cyber attack occurred this week as hackers managed to insert malware into the code used by Picreel and open-source Alpaca Forms, both commonly utilized by various websites. The attack resulted in over 4,600 websites being put at risk of having their users’ payment data and passwords stolen.
The first part of the hack consisted of the hacking of Picreel, which affected more than 1,200 websites. A CloudCMS hack also occurred, this one affecting 3,400 websites. The incidents were revealed by researcher Willem de Groot on Twitter.
However, CloudCMS replied to the tweet, saying that the incident only affected the open-source project Alpaca Forms. “We investigated this. It wasn’t related to Cloud CMS but rather to the Alpaca forms open source project.”
We investigated this. It wasn’t related to Cloud CMS but rather to the Alpaca forms open source project. We removed the free hosting of those infected js files for now. And will get them back online as quick as we can. Thank you for all of the information you provided!
— Cloud CMS (@CloudCMS) May 12, 2019
CloudCMS also gave a probable explanation as to how the hack happened. “The Alpaca CDN was origin backed. It seems like a basic httpd known vulnerability they may have exploited.”
No. The Alpaca CDN was origin backed. It seems like a basic httpd known vulnerability they may have exploited.
— Cloud CMS (@CloudCMS) May 13, 2019
As of writing, CloudCMS has already begun removing the infected JavaScript files from the affected websites. Still, may this serve as a lesson to everyone to always keep their accounts as secure as possible and to never reuse passwords in different websites.
