jQuery’s blog website (blog.jquery.com) runs on WordPress—the world’s most popular content management system (CMS) used by millions of websites.
The defaced blog post URL — http://blog.jquery.com/2017/10/26/hacked/ (now removed).
Since the above-mentioned blog post was published under the name of Leah Silber, a core member of the jQuery team, it seems hackers were able to make their post live by compromising Silber’s account, probably by reusing her password leaked in a previous data breach.
If not, the hackers might have gained unauthorized access to the website by exploiting a (known or zero-day) vulnerability in either the WordPress script or the server.
The jQuery team removed the post created by the hackers as soon as it realized there was a compromise, but so far the organisation has not released any official statement about the incident.
Since millions of websites directly use the jQuery script hosted by the jQuery server, today’s attack could have been worse if the hackers had been able to compromise code.jquery.com in an attempt to replace the official jQuery file with a malicious one, putting billions of visitors of millions of websites at risk of malware attacks.
Interestingly, Coinhive was also hacked via a password reuse attack, which allowed the attacker to gain access to its CloudFlare account and change its DNS settings without authorization.
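The scenario described above, a replaced file served from code.jquery.com, is what Subresource Integrity (SRI) is designed to catch: the embedding page pins a hash of the reviewed file in the script tag's `integrity` attribute, and the browser refuses a body that does not match. The following is an added example, not code from the article or from jQuery; it mirrors the browser's matching rule in Node.js, and the file contents and function names are constructed for illustration.

```javascript
// Added example (not from the article): verify a script against an SRI value.
const { createHash } = require("node:crypto");

// Hash functions SRI accepts, weakest to strongest.
const STRENGTH = ["sha256", "sha384", "sha512"];
const digest = (alg, body) => createHash(alg).update(body).digest("base64");

// Integrity value ("sha384-<base64 digest>") for a copy you have reviewed.
function sriFor(body, alg = "sha384") {
  return `${alg}-${digest(alg, body)}`;
}

// Parse an integrity attribute: whitespace-separated "alg-digest[?options]"
// tokens. Malformed tokens and unsupported algorithms are skipped.
function parseIntegrity(value) {
  const tokenRe = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/;
  return value.trim().split(/\s+/)
    .map((token) => tokenRe.exec(token))
    .filter(Boolean)
    .map((m) => ({ alg: m[1], digest: m[2] }));
}

// Browser matching rule: only the strongest algorithm present counts, and the
// body passes if it matches any digest listed for that algorithm.
function verify(body, integrity) {
  const entries = parseIntegrity(integrity);
  if (entries.length === 0) return true; // no usable metadata, nothing enforced
  const rank = (e) => STRENGTH.indexOf(e.alg);
  const best = Math.max(...entries.map(rank));
  return entries
    .filter((e) => rank(e) === best)
    .some((e) => e.digest === digest(e.alg, body));
}

// Constructed sample data: a stand-in for the reviewed file and a modified copy.
const reviewed = Buffer.from("/* constructed stand-in */ window.jQuery = function () {};\n");
const tampered = Buffer.concat([reviewed, Buffer.from("/* injected */\n")]);
const pinned = sriFor(reviewed);

function demo() {
  return {
    reviewedPasses: verify(reviewed, pinned),
    tamperedPasses: verify(tampered, pinned),
    // A weaker sha256 entry matching the modified file must not rescue it.
    weakerEntryPasses: verify(tampered, `${sriFor(tampered, "sha256")} ${pinned}`),
    emptyAttributePasses: verify(tampered, "not-a-hash"),
  };
}
console.log(pinned, demo());
```

Because a malformed `integrity` value enforces nothing, it is worth validating the attribute at build time instead of assuming its presence means the check is active.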