05 Jun 2012

CloudFlare CEO’s Account Used to Attack a Company Client

CloudFlare CEO Matthew Prince fell victim to a social engineering attack launched by a group of hackers. The incident yielded the username and password of the CEO’s business account, which was then used against 4chan, a popular Internet forum hosted by CloudFlare.

Google’s two-factor authentication system was apparently bypassed by the wrongdoers in their attempt to seize control of the CEO’s Gmail account, despite a strong and randomized password.

"Like thousands of other companies, CloudFlare uses Google Apps for email. When we first established CloudFlare.com's email address, I listed my personal email address as a recovery email for my account. The hacker was able to use Google's password recovery and have the password reset sent to my personal email for my CloudFlare.com address," CloudFlare’s Matthew Prince states in a blog post.

A thorough investigation, conducted by Google and CloudFlare together, revealed that the attack targeted only one particular CloudFlare client, specifically 4chan, as no other clients’ data appeared to be accessed or compromised in any way; no impersonations of the company’s CEO were made, no unauthorized posts were uploaded in the name of the company’s CEO and no company systems were accessed.

Hacktivist group UGNazi, which only a few days earlier claimed responsibility for the attack against the commercial billing company WHMCS, seems to be behind this hit as well. After seizing control of the 4chan account, the hackers manipulated 4chan's DNS records to redirect queries towards the hacktivist group's Twitter page.

In a Pastebin post, the group bragged about the twofold motivation behind this attack. On the one hand, it is an alleged attempt to shut down the playground used by child offenders to post their illegal and immoral materials. On the other hand, it is an act meant to serve as a show-off.