October 26, 2017. jQuery weblog hacked. Not the primary time the positioning has been hit, and it’s fairly a reduction that the library stays intact.
Their official WordPress weblog (weblog.jquery.com) was defaced with a put up that learn “S.O.A. was right here!” adopted by the hackers’ pseudonyms “str0ng & n3tr1x.” It appeared on the URL http://weblog.jquery.com/2017/10/26/hacked/(now eliminated). A screenshot is the one remnant of the jQuery weblog put up printed underneath jQuery core member Leah Silber’s title:
Maybe the hackers merely reused a leaked password from a earlier information breach or gained unauthorized entry via exploiting a identified or zero-day vulnerability, both from the WordPress script or the server itself.
The jQuery web site was compromised with malware assaults twice in the identical month of September in the course of the 12 months 2014, the place company have been redirected to an RIG exploit package. Like latest 2017 assault, library information weren’t affected or modified. Furthermore, no proof was discovered whether or not code.jquery.com server was compromised this time round.
Apparently, mining service Coinhive was additionally hacked on October twenty third through their DNS supplier Cloudfare. The modified model tricked tens of millions of web site guests’ CPUs to mine cryptocurrencies to the hacker’s comfort. The browser-based cryptocurrency miner admittedly didn’t create distinctive account passwords, nor even trouble to vary it for 3 lengthy years.