Search
rtr3q58s
Photograph by Bobby Yip — Reuters

Lenovo website breached, hacker group Lizard Squad claims responsibility

Feb 25, 2015

(Reuters) - Chinese computer and smartphone firm Lenovo Group said its website was hacked on Wednesday, its second security blemish days after the U.S. government advised consumers to remove software called "Superfish" pre-installed on its laptops.

Hacking group Lizard Squad claimed credit for the attacks on microblogging service Twitter. Lenovo said attackers breached the domain name system associated with Lenovo and redirected visitors to lenovo.com to another address, while also intercepting internal company emails.

Lizard Squad posted an email exchange between Lenovo employees discussing Superfish. The software was at the centre of public uproar in the United States last week when security researchers said they found it allowed hackers to impersonate banking websites and steal users' credit card information.

In a statement issued in the United States on Wednesday night, Lenovo, the world's biggest maker of personal computers, said it had restored its site to normal operations after several hours.

"We regret any inconvenience that our users may have if they are not able to access parts of our site at this time," the company said. "We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users' information."

Lizard Squad has taken credit for several high-profile outages, including attacks that took down Sony Corp's PlayStation Network and Microsoft Corp's Xbox Live network last month. Members of the group have not been identified.

Starting 4 p.m. ET on Wednesday, visitors to the Lenovo website saw a slideshow of young people looking into webcams and the song "Breaking Free" from the movie "High School Musical" playing in the background, according to technology publication The Verge, which first reported the breach.

Although consumer data was not likely compromised by the Lizard Squad attack, the breach was the second security-related black eye for Lenovo in a matter of days.

The U.S. Department of Homeland Security said in an alert last Friday that the Superfish program, which came pre-installed on nearly a dozen Lenovo laptop models, makes users vulnerable to a type of cyberattack known as "SSL spoofing", in which remote attackers can read encrypted web traffic, redirect traffic from official websites to spoofs, and perform other attacks.

Lenovo has since released software to remove Superfish while pledging to never install it on future shipments.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions