In a message posted on its corporate blog earlier this morning, blogging software maker Six Apart essentially admitted that security holes in its Movable Type product(s) are to be blamed for the recent, prominent hacking and defacement of the PBS.org website, which occurred at the end of last month.
Hackers aligned with WikiLeaks at the end of May managed to break into and deface the US broadcaster’s website after it had aired a controversial documentary called WikiSecrets about the whistle-blowing site.
LulzSec, the hacker group that claimed responsibility for the action (and the same group that has been harassing Fox, Sony and Nintendo lately), in a recent interview with Forbes said that the attack was made possible thanks to PBS’s “outdated” content management system.
The hackers had managed to publish a fake report on the PBS website, claiming that legendary rapper Tupac was alive and well living in New Zealand (screenshot below).
The content management system used by PBS was, in fact, Six Apart’s Movable Type software, as had been pointed out by some over the past week.
The company says the impact of the vulnerabilities in its products did in fact allow hackers to “create, read or modify the contents in the system under certain circumstances”.
Suggest you update asap.