It has emerged that more than 5,000 websites have been hacked and infected with cryptocurrency mining software.
This means that when someone loads one of the infected websites, the mining script runs in their browser and uses their computer's processing power to mine cryptocurrency for the attacker.
Websites affected by the hack include:
- Information Commissioner's Office (ICO)
- the Student Loans Company
- United States Courts
- Manchester City Council
- Camden Council
- Croydon Council
- General Medical Council
The crypto-mining software, known as Coinhive, runs as a background script for as long as the user is on the site, and stops when the webpage is closed. For the vast majority of users, this activity would go completely unnoticed.
John Ward, CyberScanner director, said on hearing the news:
This hack has shown that online security isn't something that can be taken lightly. Come May, the ICO will be penalising businesses for not taking active measures to secure their website assets and databases, so the ICO site also falling victim to this hack shows how difficult and complex the journey to being secure can be.
This is one reason why we developed our website vulnerability scanner, CyberScanner. It takes the power away from computer engineers and hackers, and allows everyone to have visibility over their websites' vulnerabilities and take action, before they become a news story such as this.
Reports indicate that the malicious code was inserted through a vulnerability in a third-party plugin called BrowseAloud, an accessibility aid for users who are blind or partially sighted. Because the plugin is a script loaded from the vendor's servers, compromising that one script was enough to alter every site that embedded it. The plugin has been taken offline while the exploit is investigated and patched.
The below image, courtesy of SkyNews and Scott Helme, shows the hacked code in purple amongst the regular code.
TextHelp, the company behind the BrowseAloud plugin, designed the tool to help websites comply with a number of accessibility regulations, including the EU's Directive 2016/2102/EU, the US Americans with Disabilities Act (ADA), and the Australian Human Rights Commission Act, which is why the compromise affected sites worldwide.
Had this exploit been used for purposes other than cryptocurrency mining, user data could have been at risk: an injected script runs with the same access to the page as the site's own code, and a number of the affected websites hosted payment gateways and other databases.