On Saturday, the nius.de news portal, helmed by ex-Bild editor-in-chief Julian Reichelt, suffered a significant cyberattack. The incident involved the “defacement” of its website, in which all article headings were replaced with a download link. This link led to a JSON file containing a database of approximately 5700 subscribers, exposing sensitive information such as first names, surnames, email addresses, shortened payment details, and subscription types.
The leaked file, which remains publicly accessible, also included data related to Squidex, an open-source content management system seemingly used by nius.de, and Swagger, a tool for interacting with RESTful APIs.
It appears that the attackers gained unauthenticated access to nius.de’s CMS and customer database, facilitating the data extraction and website manipulation. The method of compromise, whether internal or external, and the specific identity of the attackers are currently unknown.
At present, many details surrounding the incident remain unclear. Nius.de has not yet publicly commented on the attack, the defacement, or the alleged data leak, although the website’s headings have been restored. Questions regarding the authenticity of the published subscriber data and whether data protection authorities have been informed are still awaiting answers from the portal.
The recent attack on nius.de is a notable example of a defacement attack, a type of cyber incident that has become less frequent in recent times.
This kind of attack is designed to alter the visual appearance of a website, often to convey a message or simply cause disruption. However, in this case, it was also coupled with a potential data breach.
This incident echoes a similar, more extensive attack on the Internet Archive (archive.org) late last year. In that instance, malicious actors not only distorted the archive’s content and temporarily paralyzed it with a DDoS attack but also harvested data from 30 million users. Both cases highlight the persistent threat of cyberattacks to online platforms and the critical importance of robust security measures to protect both website integrity and user data.