Known as the world’s most popular modern open source broadcasting platform, Ghost has confirmed that it was cyber-attacked today at night. In the statement made by the company, it was stated that credit card or user data was not damaged by the attack.
Ghost, a free open source blogging platform designed for online publications, confirmed in a statement today that cyber-hackers were attacked. The company, which has launched itself as the “most popular modern open source broadcasting platform in the world”, has more than 750 thousand registered customers and many giant institutions and organizations such as Mozilla, NASA and DuckDuckGo.
On the platform with more than 2 million downloads in total, 6,920 new posts were created last week by users, including authors, podcaster (podcasters) and video creators.
The company issued a statement about the details of the attack:
The company, which was attacked today, May 3, also stated that it is investigating the reason for the interruption in a service update that it released at night. At noon, it was understood that what caused the interruption was cyber attacks. “An attacker used a CVE in SaltStack master to access our infrastructure,” on May 3, 2020, at 01.30 UTC (TSI 04.30), the company said in a statement.
It is stated that the critical vulnerabilities cited are in SaltStack, an open source configuration management created using the Python software language. The cyber attack affects Ghost Pro sites and Ghost.org billing services, while attackers are thought to be unable to access credit card information or any user references stored in plain text. “There is no direct evidence that private customer data, passwords or other information is compromised,” the company said on the subject.
In another statement made by the company at TSI 15.46, it was reported that SaltStack vulnerabilities were used to extract cryptocurrencies on Ghost servers, according to early research results. Security specialist John Opdenakker stressed the importance of installing the latest patches in a statement about the Ghost attack attempt.