Mass hack of artists' web pages at Sony BMG
A number of official German websites for artists under contract to Sony BMG were last night hacked into. Websites for Justin Timberlake (where Sony BMG appears to have begun cleaning up the defacement), Christina Aguilera, Britney Spears, Alicia Keys, Aerosmith and many other stars, instead of displaying biographical information, information on the latest album and tour dates, have just been just displaying "XTech Inc Owned the Music Industry... and the rest of it". Many artists who are not under contract to Sony BMG have also had their websites defaced.
Sony BMG has been informed of the incident and is attempting to restore the websites. It is not clear how the sites were sabotaged. It is also not yet clear whether a vulnerability in the software has been exploited.
Looking at the defacement archive on Zone-H, the group XTech Inc has been very active in hacking websites over the last two days. This suggests that the defacement has being automated, and that a widely used web application has been attacked. Generally defacements do not involve gaining complete access to the server and bringing it under the attacker's control, rather they simply involve replacing the index.html file with a file containing content of the attacker's choice.
- Digital Attacks Archive, defacements by XTech Inc