Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blogger Hacked

Posted by michael on from the it-must-be-friday dept.

WCityMike writes "Blogger has been severely hacked into, with users' passwords and e-mail addresses being replaced with 'hacx0redbyme' or 'hax0redbyme.' Apparently, attempts to change your password or other information do not succeed due to a major database problem. Blogger currently has no official news: its main page simply apologizes for being down for repairs and its status blog has no information, probably suffering from the same accessing problem as other blogs. In the meantime, discussion, information, and advice is appearing on the weblogs of Anil Dash and Tom Coates, as well as this QuickTopic thread. Glad I use another journaling service." We usually try to avoid "Site X Hacked!" stories, but since this affects so many people - and, heh-heh, they don't have anywhere else to talk about it - here you go.

6 of 340 comments (clear)

  1. Blogger's troubles by spookysuicide · · Score: 5, Informative

    Blogger has been having a lot of troubles lately, if you can find your own web hosting, you may want to consider using the very easy to set-up movable type.

    --
    yes i run a goth/punk/emo porn site.
  2. recommendation by flanker · · Score: 5, Informative

    Disable or reset the password of the account used to FTP your blog to your web server ASAP.

    --
    Left shift 1 for e-mail...
  3. While Everyone by SomeOtherGuy · · Score: 5, Informative

    is looking for alternatives. b2 is a really good and powerful altewrnative. PHP, MySQl, and all the goodies.

    --
    (+1 Funny) only if I laugh out loud.
  4. Status Blog now has info by burgburgburg · · Score: 5, Informative
    As of 10:02 am, the status blog now reports:

    Blogger has suffered a security intrusion by a "haX0r." We have all the data that was changed backed up within a couple hours of the attack, so we can have things pretty much back to normal soon. Of course, we're assessing the situation as thoroughly as possible to make sure it doesn't happen again. Also, if you store your FTP login information in Blogger, it wouldn't hurt to change that on your server--though it is unlikely that information was accessed. Sorry for the inconvenience.

  5. Re:Blogger runs windows..... by ChazeFroy · · Score: 5, Informative

    My money is that these guys got in with an application-level hack, not an OS/server hack. The biggest fault of applications, especially web applications, is a failure by the programmer to do input validation.

    Apache, perl, and php are vulnerable to the same type of hacks, it's not just Microsoft.

  6. blogger back up by ntk · · Score: 5, Informative
    Blogger's status page was just updated (1150am-ish PST) to say this:

    We have found the cause of the vulnerability and have patched it. Everything is back restored and back online with the exception of the API server and bSTATS.