500 publishers were hacked through anti-ad block tool PageFair

Anti-blocking firm PageFair, which works with some 3,000 publishers, was hacked over the weekend, leaving visitors to 501 publishers sites vulnerable to malware attacks.

Anyone visiting one of these sites from a Windows computer on Saturday evening (between 11:52 p.m. and 1:15 a.m. GMT) would have been vulnerable, though only if they clicked on what looked like an Adobe Flash update. If they did, they would have downloaded malware directly to their computer.

In a blog post called “The Core Facts,” which went up first thing Sunday, CEO Sean Blanchfield explained the company noticed the breach almost immediately, though it took more that 80 minutes to shut it down“If you are a publisher using our free analytics service, you have good reason to be very angry and disappointed with us right now,” he wrote.

It’s an ironic twist, given that PageFair’s services help publishers combat ad blocking and ensure they get paid for their content. PageFair valued the cost of lost online ad revenue for 2015 at just under £14 billion ($22 billion) globally in a report released in August.

PageFair can’t release a list of which publishers were affected, though a spokesperson said most of them were fairly small. Just under two-thirds (60 percent) of them had fewer than one million monthly pageviews and 90 percent of them had fewer than 10 million monthly pageviews.

However, the company has stressed all publishers are important to it, regardless of size, and is currently working to estimate the degree to which visitors to all the websites targeted would have been affected by the attack.

Some media experts have said the attack was bound to happen. The kind of service the company offers makes them an appealing target to those who see it as their right to block ads and not be tracked online.

Most have been impressed by how candid PageFair has been in its response. DigitasLBi head of innovation Andy Girdwood was among them, though he added that the attack itself comes as no surprise, and predicted more hacking attempts on ad tech vendors before the end of the year.

However, he added: “I can’t imagine a near future in which hacking is so common and so successful that it begins to interfere with the media economy, effecting bid prices and placement. Ad blocking and fraud both have more chance of doing that.”

European ad blocking rates are the highest in Germany, with 30 million users using ad blocking software, according to PageFair. German digital media publisher Axel Springer has banned readers who have installed ad blockers from accessing its popular tabloid website Bild.de.

It even went so far as to try to quash conversations held in an online forum in which methods for circumventing the ad-blocker wall were had. It was successful in having the posts removed, though some media experts have likened any publisher attempts to root out the gaming of ad-blocking systems to a massive game of “Whack-A-Mole.”

https://digiday.com/?p=144330

More in Media

Media Briefing: Publishers search for new ways to grow (and authenticate) audiences, overheard at the Digiday Publishing Summit

“[Advertisers] already pay data providers for data. So why not pay the publisher?”

Research Briefing: Publishers’ revenue sources are top of mind at Digiday Publishing Summit

In this week’s Digiday+ Research Briefing, we examine which revenue streams were top of mind for publishers at the Digiday Publishing Summit, how TikTok is getting even more marketing spend from brands and retailers despite facing a potential U.S. ban, and how Disney is rolling out DRAX Direct, a direct integration with the industry’s largest DSPs, as seen in recent data from Digiday+ Research.

How Forbes is testing its SSPs to improve programmatic ad revenue

Forbes has been running tests with its SSPs to improve the ad tech firms’ contributions to the publisher’s revenue.