ANTI AD-BLOCKING ANALYTICS OUTFIT PageFair has admitted to a breach that caused websites making use of its service to spread malware to visitors on Windows PCs.
"We noticed the security breach within five minutes, but it took until 01:15 (83 minutes) to fully rectify the situation," Sean Blanchfield, CEO of PageFair said. "After this time visitors were no longer affected."
The firm also offered a note to the 3,000 publishers using its analytics services that provides information about how much advertising revenue is lost owing to ad-blockers.
"If you are a publisher using our free analytics service, you have good reason to be very angry and disappointed with us right now," the company said.
"I am very sorry that this occurred and would like to assure you that it is no longer happening."
Security expert Mikko Hypponen was quick to catch wind of the PageFair breach, and took to Twitter to virtually shake his head at the company.
After Pagefair was hacked, it was pushing malware instead of adblocker avoidance scripts. (adobe_flashplayer_7.exe) https://t.co/vw7zDKegDX— Mikko Hypponen (@mikko) November 1, 2015
PageFair isn't pleased with itself either, and has detailed the steps it plans to take. The firm has already changed passwords company-wide and will now assess the level of access to company documents that the hackers may have gained and "analyse which security practices failed and which could be strengthened".
Ben Hartnett, VP of EMEA at security firm RiskIQ, has said PageFair shouldn't blame itself too much, and told us that this latest breach shows that hackers, by targeting a third-party service, are wisening up.
"We all know that hackers are getting smarter about how they distribute malware. The latest attack on PageFair shows how hackers are now actively targeting third-party components in a bid to reach a much larger number of victims," he said.
"By compromising PageFair’s analytics service, hackers were able to distribute malicious code to visitors of any website using this service. With organisations increasingly relying on their online presence to engage with customers, this style of attack is only going to increase, especially with organisations adopting more third party components to stay ahead of the competition."
The breach of PageFair's systems, probably by hackers who don't agree with its anti ad-blocking stance, is the latest in a long line of incidents. TalkTalk suffered a major attack on its systems last week, while Vodafone customers suffered a hack over the weekend. µ
The week in Google in brief
Sega hedgehogging its bets
And not a purple duck in sight