UPDATE @ 1:25pm, 26 January 2015: The national carrier have confirmed that its website has not been hacked, but instead its Domain Name Server (DNS) was compromised and re-directed to a defaced website. More below.
Malaysia Airlines’ official website appears to have been hacked, as members of a group calling themselves the “Lizard Squad” – who recently hacked some social media accounts belonging to the US military several weeks ago – have claimed responsibility.
The national airline company is aware of the situation, and has posted alerts via its social media channels. It appears the company is actively working on the security breach, as the site is intermittently going offline. The company has shared direct links for those who would like to book fares, but even those links are not accessible. Those attempting to browse the site now will be redirected to the “lite” version of the website, which has online flight booking facilities.
You may experience difficulty accessing our website. We are currently working on resolving the issue. To book fares: http://t.co/tV2iIvlYxt
— Malaysia Airlines (@MAS) January 26, 2015
To check-in online, kindly visit http://t.co/eSWoAvFbge. We thank you for your patience and kind understanding.
— Malaysia Airlines (@MAS) January 26, 2015
However, as the web check-in facility is not hosted on the website, those who would like to check in online are able to do so via this link.
Contrary to some news reports, it appears anyone who accesses the MAS website via web browsers are affected by this breach. Those who visit the page via mobile Internet will be redirected to the site’s mobile page, which at the time of writing remains unaffected.
Chances that this is just a DNS redirect also appear to be slim, as tests to access the site using our local ISP, Google as well as OpenDNS’ DNS servers all lead to the defaced page. Malaysia Airlines have released a statement confirming that this was indeed a DNS redirect attack, and not a full-on breach on the site’s servers. The company expects the site to be fully operational within the next 22 hours. The full statement is embedded below:
A screengrab of the Malaysia Airlines website from earlier this morning (via The Malay Mail Online)
As for the source of the attack, the group calling themselves the Lizard Squad have claimed responsibility. This is the same group which was responsible for the recent attacks on PlayStation Networ (PSN) and Xbox Live on Christmas Day 2014, as well as allegedly taking control of several social media accounts belonging to the US Military several weeks ago. The group claims to be working for the ISIS terrorist network, where the Lizard Squad are branded as “cyber caliphates”.
What’s more worrying is what may come after. The hackers claim to have potentially sensitive information hosted on MAS’ servers, which the group threatened to release “soon“. With MAS’ press statement stating that user data was not compromised, we’ll be keeping a close eye on developments. As it stands, a screenshot of an email inbox containing ticket reservations and itineraries – including that of International and Trade Industry minister Datuk Seri Mustapa Mohamed – has been making the rounds online, with the hacker group calling out MAS for allegedly attempting to downplay the breach.
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.