The OpenSSL home page got hacked due to hosting provider

Posted Jan 5, 2014
The OpenSSL homepage was hacked a few days ago. OpenSSL is a popular cryptography library. Fortunately, just the homepage was temporarily affected. OpenSSL’s technology heavily emphasizes on security so how did the hack happen?
OpenSSL wrote this in a report:
    The OpenSSL server is a virtual server which shares a hypervisor with other customers of the same ISP. Our investigation found that the attack was made through insecure passwords at the hosting provider, leading to control of the hypervisor management console, which then was used to manipulate our virtual server.

OpenSSL’s hosting provider is IndIT Hosting so this may slightly tarnish the hosting company’s image. There was not vulnerability exploited in the attack, but I’m sure that Indit Hosting will improve their practices for choosing passwords.

Here is what the homepage looked like after the hack:

[Image Credit: ZDNet]