Microsoft UK website suffers hack attack

Posted on 4 Jul 2007 at 11:48

Microsoft's UK website has been defaced by hackers.

A page on the Microsoft site displayed images of a child waving the Saudi Arabian flag, before being pulled down last week.

It's likely the hackers circumvented Microsoft's security with a SQL injection that inserted rogue HTML code into a table that was read every time the page was generated. The code provided a link to a cascading style sheet being hosted on a third party domain.

Whilst Microsoft insists no customer data was stolen, it's still an embarrassment for the company, which is a regular target for website vandalism.

"Microsoft has learned of a criminal attempt to deface a sub-site of Microsoft.com through exploitation of a website error," the company says in a statement. "Upon notification of the criminal activity, Microsoft took the appropriate action to resolve the issue and stop any additional criminal activity.

"We apologise if customers are inconvenienced by the unavailability of the affected website. Microsoft is committed to helping protect our customers and we're working diligently with the third party hosting company to ensure the continued security of the website."