Skip to main content

4,600 websites breached, hackers gathering submitted data

(Image credit: Image Credit: The Digital Artist / Pixabay)

More than 4,600 websites have been compromised by malicious code, security researchers have warned. 

These websites were compromised through two separate third parties – Picreel and Alpaca Forms. PIcreel is an analytics service, while Alpaca Forms is an open-source project for web forms. Through Picreel, 1,249 websites were compromised. The Aplaca Forms malicious code was found on 3,435 domains.

Hackers managed to modify JavaScript files on the infrastructure of these two projects, it was said. The worst part is – the malicious code is still live at the time of writing, so the risk is still present.

Cloud CMS CTO, Michael Uzquiano, told the media that one Alpaca Forms JavaScript file on its CDN was compromised.

It is yet unknown how the breach took place, or who did it. What we do know, however, is that it was done by the same entity. The malicious code logs all content that the users enter into the form fields and moves that data to a server in Panama.

"There has been no security breach or security issue with Cloud CMS, its customers or its products," the company said in a statement.

According to ZDNet (opens in new tab), these types of attacks have become quite common lately. Hackers have realised that it’s easier to attack the company through the supply chain, rather than striking directly.  

They usually target companies that build chat widgets, live support, analytics, etc.

Image Credit: The Digital Artist / Pixabay

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.