An IBM site for developers was defaced over the weekend, with attackers replacing some of the Web pages on the site with ones containing their own messages, IBM confirmed Monday.
Word of the vandalism, which took place on the IBM DeveloperWorks site, was first posted late Saturday on the Full Disclosure security mailing list.
[ Learn how to greatly reduce the threat of malicious attacks with InfoWorld's Insider Threat Deep Dive PDF special report. ]
IBM restored the original pages within a few hours, though copies of the compromised pages were quickly reposted elsewhere.
No data was lost, nor were any user passwords exposed during the breach, said an IBM spokesman. The site was undergoing routine maintenance during the time of the breach.
The defaced pages were draped in black and titled "Defaced by Hmei7." They contained the scrolling message: "You have been Hacked !!!, not because of your stupidity That's because we love you, and we want to warn you That your web still has large of vulnerability."
One security firm, the Oświęcim, Poland-based Ariko Security, claimed on the Full Disclosure list that it contacted IBM seven months prior to this breach to warn the company of the site's vulnerabilities. Ariko employee Maciej Gojny identified a number of techniques that could be used to gain access to DeveloperWorks and a number of other IBM sites, including Cross-Site Scripting, Directory Traversal, and Frame Injection.