The PBS.org website, and data associated with the PBS television network, its programs, and its affiliate stations, appear to have just been hacked by an entity calling itself LulzSec (or "The Lulz Boat"). The hack was made public around 1130pm ET, Sunday, May 29, and included cracking the PBS server, posting a bogus news story and some defacements, and publishing what appear to be thousands of passwords.
The information compromised and published included network, server, and database details and logins, as well as user login data for some PBS staff and contractors. As of 3:24am ET Monday, some defacements are still live on pbs.org.
The group that carried out the hack claims they are not affiliated with "Anonymous", and that the action is retribution for the recent "Wikisecrets" episode on Wikileaks, which was perceived by Wikileaks and its supporters to be unfair to Wikileaks.
According to an article in the Australian edition of IT security publication SC Magazine, LulzSec has gone after other media entities in recent weeks: Fox News Network and the TV show X-Factor are reported as prior targets. As the name implies, LulzSec would appear to be in it for the proverbial lulz, rather than, say, financial gain.
Greetings, Internets. We just finished watching WikiSecrets
and were less than impressed. We decided to sail our Lulz Boat
over to the PBS servers for further… perusing. As you should
know by now, not even that fancy-ass fortress from the third shitty
Pirates of the Caribbean movie (first one was better!) can withhold our
barrage of chaos and lulz. Anyway, unnecessary sequels aside… wait, actually:
second and third Matrix movies sucked too! Anyway, say hello to the insides
of the PBS servers, folks. They best watch where they're sailing next time.
The PBS program Frontline (and specifically the producers of the "Wikisecrets" episode), may have been the stated target, but the scope of intrusion was significantly more broad. And the Frontline site and its "Wikisecrets" subsite don't show any signs of a hack at all.
LulzSec posted an overview of the data and defacements here.
Here's a cache of the fake "Tupac still alive in New Zealand" story the intruders posted. Unfortunately, Tupac remains dead, and PBS NewsHour social media and online engagement point person Teresa Gorman spent Sunday night on Twitter repeating this fact to dozens of incredulous individuals and news organizations [partial screengrab of @gteresa's Twitter feed here].
Here's a copy of the "Free Bradley Manning" defacement page LulzSec posted, featuring the "nyan cat" meme.
Below, a screengrab of @LulzSec's Twitter timeline documenting the attack. Click for full size.
UPDATE, 2:34am ET Monday: A new defacement just popped up here, implying @lulzsec still has access and control.
UPDATE, 3:50am ET: Wired story here, New York Times story here.
UPDATE, 5:50pm ET, Monday: PBS issued a statement on the hack; shortly afterwards, new evidence of hacking/takeover/defacement was visible at the PBS Frontline url (http://www.pbs.org/wgbh/pages/frontline/), then disappeared. (via Greg Mitchell)