A hacker breached the website of the daily Prothom Alo on Monday to issue a warning, mentioning “security vulnerabilities in a message to its editor and staff.
However, the hacker said there was no intention to cause harm to Prothom Alo.
The warning could be seen on Prothom Alo's website in the morning but did not prevent access to news on the site and was no longer visible at the time of writing.
Addressing Matiur Rahman and the team at Prothom Alo, the hacker said they wanted to clarify that they were not the daily’s enemy, “nor do I intend to harm the assets of Prothom Alo, the most widely read and trusted Bangla newspaper.”
“However, there are significant security flaws in the content management system (CMS) developed by Quintype Technologies India Limited, which you use to publish news online.”
The hacker said these vulnerabilities could be exploited by malicious individuals or entities to alter, edit or publish false information in the form of news, potentially spreading rumours among the public using Prothom Alo’s credibility.
“Therefore, I am publishing this message to warn you. I am willing to present all security vulnerabilities to your tech team and executives and collaborate to fix them swiftly.”
Raihanul Islam, a cybersecurity expert, said someone had exploited a significant vulnerability in the website's CMS and defaced the site, displaying a hacker's warning message.
“For those unfamiliar with website defacement, it is a form of cyberattack where a hacker gains access to a website through vulnerabilities or by uploading a web shell. The hacker then alters the site's original content and replaces it with their own message, often directed at the website's owners. These messages can be personal, political or even economically motivated, usually ending with the hacker’s alias or the name of a hacker group.”