Melbourne IT has pinned the security breach that brought down the New York Times website this morning on a targeted phishing attack on one of its resellers.
Hackers who claimed to be from the Syrian Electronic Army broke into domain name registrar Melbourne IT systems this morning to redirect traffic going to nytimes.com.
Melbourne IT said hackers, who used an Indian internet service provider, accessed its systems via a US-based reseller’s login details.
The credentials were stolen using a targeted phishing email; hackers spoofed the email address of someone who was familiar to the reseller’s staff, and sent out an email with a link to what looked like a news story.
On clicking the link, staff were redirected to a fake Melbourne IT log-in page that asked for their details.
“We have now identified that a targeted phishing attack was used to gain access to the credentials of users of a Melbourne IT reseller account,” Melbourne IT CTO Bruce Tonkin said.
“We have obtained a copy of the phishing email and have notified the recipients of the phishing email to update their passwords.
“We have also temporarily suspended access to affected user accounts until passwords have been changed.”