Websense warns of Amnesty International website hack

Internet browser

Visitors to Amnesty International's UK site this week may have had their personal details stolen, according to security vendor Websense.

The company claims the site was compromised for two days (8-9 May), after it was allegedly injected with malicious code.

Without the right defences, it might be much more than a charity donation the malware authors steal.

In a blog post, alerting users to the vulnerability, Websense said: "During that time, website users risked having sensitive data stolen and infecting other users in their network.

"However, the website owners rectified this issue after we advised them about the injection."

Websense claims the malicious code is the same one used to spread the Mac OS X Flashback malware, which is understood to have infected more than 600,000 Mac computers.

The Websense blog post also claims other Amnesty International sites have been targeted in a similar way.

"In early 2009, we discovered this same site was compromised, and in 2010 we reported another injection of an Amnesty International website, this time [in] Hong Kong," it stated.

Carl Leonard, senior manager of Websense, said the code could be used by hackers to gain access to infected machines and steal data.

"This compromise is more serious than your average," said Leonard. "Companies need effective real-time inline security to protect against infection [because] without the right defences, it might be much more than a charity donation that the malware authors steal."

In a statement to IT Pro, Amnesty International played down the incident, stressing that no user details would have been compromised.

"As soon as we became aware of the infection we worked with our hosting company, Claranet, to isolate it and remove it as a matter of urgency," it stated.

"All our users profiles are held on a completely separate website and server and were in no way compromised by this incident."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.