Ghost Confirms Hack Attack: 750,000 Users Spooked By Critical Vulnerability

04 May 2020 OODA Analyst

Yesterday, Ghost, a popular open-source blogging platform with over 2 million installs, confirmed that it was hacked. Ghost’s customers include industry giants such as NASA, DuckDuckGo, and Mozilla, as well as 750,000 other registered users. Early on the morning of May 3, Ghost stated on its website that it was investigating an outage; by 10 a.m., however, it was clear that the service had been hacked.

The incident reportedly affected Ghost Pro sites and Ghost.org billing services. Ghost has stated that, at this stage of the investigation, it has no evidence that credit card information has been compromised, further claiming that there were no user credentials stored in plain text. Later on May 3, Ghost revealed that SaltStack vulnerabilities were used on its servers in an attempt to mine cryptocurrency. However, the mining attempt instead spiked CPUs and overloaded the platform’s systems.

