Chinese computer and smartphone firm Lenovo said its Web site was hacked yesterday, its second security blemish days after the US government advised consumers to remove malware-like software called Superfish pre-installed on its laptops.
On Twitter, hacking group Lizard Squad claimed credit for the attacks. Lenovo said attackers breached the domain name system associated with Lenovo and redirected visitors to Lenovo.com to another address, while also intercepting internal company e-mails.
Lizard Squad posted an e-mail exchange between Lenovo employees discussing Superfish. The software was at the centre of public uproar in the US last week when security researchers said they found it allowed hackers to impersonate banking Web sites and steal users' credit card information.
In a statement issued in the United States last night, Lenovo, the world's biggest maker of personal computers, said it had restored its site to normal operations after several hours.
"We regret any inconvenience that our users may have if they are not able to access parts of our site at this time," the company said. "We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users' information."
Lizard Squad has taken credit for several high-profile outages, including attacks that took down Sony's PlayStation Network and Microsoft's Xbox Live network last month. Members of the group have not been identified.
Starting at 4pm ET on Wednesday, visitors to the Lenovo Web site saw a slideshow of young people looking into Web cams and the song "Breaking Free" from the movie "High School Musical" playing in the background, according to technology publication The Verge, which first reported the breach.
Although consumer data was not likely compromised by the Lizard Squad attack, the breach was the second security-related black eye for Lenovo in a matter of days.
The US Department of Homeland Security said in an alert last Friday that the Superfish program, which came pre-installed on nearly a dozen Lenovo laptop models, makes users vulnerable to a type of cyber attack known as "SSL spoofing", in which remote attackers can read encrypted Web traffic, redirect traffic from official Web sites to spoofs, and perform other attacks.
Lenovo has since released software to remove Superfish, pledging to never install it on future shipments.
Share