The website Boing Boing revealed it was hacked earlier this month.
In a Jan. 13 post, the site explained someone logged into the site ad installed a widget to “redirect users to a malware page hosted at a third party.”
According to the announcement, Boing Boing thought it was an advertising issue at first, but it did figure out it was hacked and deleted the code. Moving forward, Boing Boing said it changed passwords and checked the log of the user who hacked the site.
“We also took steps to modify our CMS to ensure a separate audit log (outside our 72-hour access logs) will be maintained in the future to help us track down administrative actions within our publishing software in the event of future breaches, so we are able to take action and determine the scope of a breach more thoroughly in the future,” Boing Boing wrote.
iMediaEthics has written to Boing Boing to ask if it determined who hacked it, if any changes besides the widget were made, and if the hacker got through two-factor authentication.