TechCrunch hacked! Its unbelivable but true. As I visited the top tech blog, I found the entire TechCrunch.com site is offline and this notice is posted
A lot of blogs were buzzing and found different screenshots. Inqusitr says as of 10:20pm PDT Monday (Jan 25) TechCrunch was offline with a message that simply stated “hi” on its main page.
Technologizer says they found this bad worded message posted
Techie-Buzz found a rapidshare download link onsite
Its seems the secuity exploit which enabled hackers to take Techcrunch offline and post spam messages and links is not yet identified as TC continues to be offline.
Techcruch is powered by WordPress (like us) and they must surely be runing the latest WordPress version. Are you still running an older WordPress version, upgrade now as everyone knows your wordpress version. Here are some 3 WordPress security tips I learnt from Matt Cutts and some top WordPress security plugins you need to check out.
This clearly exposed the vulnerability of top blogs to online threats and yet unfound security exploits. Its is very essential to keep backups of your blog. TechCrunch has the best of tech support, security experts and network engineers, if they can get hacked, any blog can get hacked…
Update: It seems Techcrunch got hacked again and the hacker was annoyed with the interstitial ad. So was WordPress the cause? I read this comment by Mark Jacquith and am now more wary of using unsecure WordPress plugins.
They probably didn’t get “onto the server” in terms of getting shell access. More likely is an insecure plugin that allows PHP injection. Their wp-admin is HTTP Auth protected, so it’s unlikely that someone did this with a WordPress account. They’d have to know the HTTP Auth user/pass as well.