Security Experts:

PBS Sites Hacked: Attackers Publish False News Story and Login Data

Late Sunday night, hackers gained access to several areas of PBS Web servers and were able publish a fake news story on a PBS news blog. The hackers also published PBS internal user login information that they were able to siphon from PBS databases. The fake story was about rapper Tupac Shakur, who died in 1996 after being shot in Las Vegas, being been found alive and well in a small resort in New Zealand. (See screenshot as the story was taken down)

PBS News Blog Hacked by LulzSecA group going by the name of “LulzSec” claimed responsibility for the hack, saying the attack was a protest against a PBS FRONTLINE broadcast last week about WikiLeaks.

Following the hack, the group posted a humorous update to its Twitter account in attempt to further spice things up: “Dudes. Of course Tupac is alive. Didn't you see that official @PBS article? Why would they lie to their 750,000+ followers?

The group posted login information to two PBS internal sites - one that press use to access PBS PressRoom and an internal communications Web site for PBS affiliate stations.

The group also posted a list of database names and tables appearing to be from a PBS.Org MySQL database.

LulzSec also took a few jabs at PBS.Org admins via Twitter, posting the following update on Monday morning: “Hey @PBS admins, you still trying to regain control? The Lulz Boat sails through your horrendously-outdated kernels! #Sownage next, folks.

Related Reading : Understanding Web Application Security - Defending the Enterprise's New Porous Perimeter

"Last night there was an intrusion to PBS' servers. The erroneous information on the PBS NewsHour site has been corrected,” Anne Bentley, vice president for PBS corporate communications wrote in a statement. "We're notifying stations and affected parties to advise them of the situation," she added.

According to PBS, for NewsHour site visitors, no personal information or email addresses were compromised.

Subscribe to the SecurityWeek Email Briefing
view counter