500 publishers were hacked through anti-ad block tool PageFair

Anti-blocking firm PageFair, which works with some 3,000 publishers, was hacked over the weekend, leaving visitors to 501 publishers sites vulnerable to malware attacks.

Anyone visiting one of these sites from a Windows computer on Saturday evening (between 11:52 p.m. and 1:15 a.m. GMT) would have been vulnerable, though only if they clicked on what looked like an Adobe Flash update. If they did, they would have downloaded malware directly to their computer.

In a blog post called “The Core Facts,” which went up first thing Sunday, CEO Sean Blanchfield explained the company noticed the breach almost immediately, though it took more that 80 minutes to shut it down“If you are a publisher using our free analytics service, you have good reason to be very angry and disappointed with us right now,” he wrote.

It’s an ironic twist, given that PageFair’s services help publishers combat ad blocking and ensure they get paid for their content. PageFair valued the cost of lost online ad revenue for 2015 at just under £14 billion ($22 billion) globally in a report released in August.

PageFair can’t release a list of which publishers were affected, though a spokesperson said most of them were fairly small. Just under two-thirds (60 percent) of them had fewer than one million monthly pageviews and 90 percent of them had fewer than 10 million monthly pageviews.

However, the company has stressed all publishers are important to it, regardless of size, and is currently working to estimate the degree to which visitors to all the websites targeted would have been affected by the attack.

Some media experts have said the attack was bound to happen. The kind of service the company offers makes them an appealing target to those who see it as their right to block ads and not be tracked online.

Most have been impressed by how candid PageFair has been in its response. DigitasLBi head of innovation Andy Girdwood was among them, though he added that the attack itself comes as no surprise, and predicted more hacking attempts on ad tech vendors before the end of the year.

However, he added: “I can’t imagine a near future in which hacking is so common and so successful that it begins to interfere with the media economy, effecting bid prices and placement. Ad blocking and fraud both have more chance of doing that.”

European ad blocking rates are the highest in Germany, with 30 million users using ad blocking software, according to PageFair. German digital media publisher Axel Springer has banned readers who have installed ad blockers from accessing its popular tabloid website Bild.de.

It even went so far as to try to quash conversations held in an online forum in which methods for circumventing the ad-blocker wall were had. It was successful in having the posts removed, though some media experts have likened any publisher attempts to root out the gaming of ad-blocking systems to a massive game of “Whack-A-Mole.”


More in Media

Immediate deepens CMP strategy, slashes ad tech partnerships for sharper data governance

Consent management platforms at Immediate aren’t just about ticking boxes for data laws.

Teads’ M&A rumors are firming up with a deal to merge with Outbrain

The latest installment of ad tech M&A activity is leaving some industry folks surprised.