October 25, 2002 11:46 AM PDT
Blog site back up after hack attack
The hack compromised individual accounts, locking out site users from their blogs.
Pyra has taken the machine that was compromised offline and restored the Blogger site from its redundant servers, said Jason Shellen, the company's director of business development. Users whose accounts were compromised should be able to access them again, he said.
Pyra has not yet determined when the hacker first got access to Blogger accounts, but the attack appeared to have started early Friday morning, Shellen said. Pyra took down the Blogger site at around 9 a.m. PDT, and it was offline for about two and a half hours, he said. It was brought up at about 11:25 a.m.
While it was down, visitors to Blogger.com were unable to access individual blogs or set up blog accounts.
"Blogger is down for repairs. Please check back soon. Sorry for the inconvenience," a note on the site said.
Blogging, essentially the process of keeping an online journal of daily observations, has started to catch on with the mainstream. Celebrities, such as former "Star Trek" star Wil Wheaton, have their own blogs as well. Meanwhile, blogging has been the subject of a series of Doonesbury comic strips this week.
Blogger has been one of the more popular Web log sites. The site now has about 875,000 users who publish some 930,000 blogs, according to Shellen.
Shellen didn't know how many of those accounts had been compromised.
In postings on the Web, some Blogger customers worried
Blogs: More than a trend--a resource
But Pyra believes the hack was a fairly low-level attack that didn't compromise outside accounts or credit card information, Shellen said. Credit card data, for instance, is kept on a different sever from the one that was attacked, he said.
"From what we can tell, this looks like a pretty juvenile job," Shellen said. "There's no way that (the credit card data) could have been breached."
Blogger customer Mark discovered that his account had been compromised around 6:40 PDT this morning when he was unable to log into his blog. When Mark, who asked that his last name not be used, requested that Blogger send him a new password for his account, the system instead sent the password to what he believes was the hacker's address. The Boston tech writer said he was unable to contact Blogger to alert them to the breach.
"It shows we really take security for granted after a while," he said.