Over Memorial Day weekend, a group called LulzSec hacked into PBS’s Web site and posted this image, saying that it was angry about the network’s broadcast of a documentary on WikiLeaks.
LulzSec said it broke into PBS’s servers by taking advantage of a security hole in an older version of the content-management system Movable Type. It then took advantage of out-of-date software on PBS’s servers and, using a map of the site’s servers, gained access to the user names and passwords of PBS’s administrators, member stations, journalists, and other staff members.
The situation highlights the need for organizations to make sure their content-management systems are up to date, said Steven Backman, chief executive of Database Design Associates, a technology consultant.
While PBS runs its sites on its own servers, Mr. Backman says it’s important for nonprofits that hire outside Web-hosting services to understand who is responsible for making those updates.
“Some of the updates might get applied by the hosting provider, but some of them won’t be,” Mr. Backman said. “You have to have someone who knows, ‘Do we need this update, and when should I do it?’”
Mr. Backman also said that the hack demonstrates the need for groups to adopt strong passwords that walk a fine line between convenience and protection.
While most nonprofit officials would rather not spend a lot of time thinking about Web security, Mr. Backman says it is important and too often ignored.
“If giant corporations are vulnerable, even small nonprofits are vulnerable,” he said.
LulzSec, which has recently hacked into sites run by Sony and Fox, didn’t just take passwords and other information. It also tried to harm the credibility of PBS by posting a fake news article on PBS’s site saying that the slain rapper Tupac Shakur was alive, and it created other pages, including one with the image shown above.
The action came after the PBS show “Frontline” broadcast a documentary called “WikiSecrets.”
“We just finished watching WikiSecrets and were less than impressed,” said a message from LulzSec posted online. “We decided to sail our Lulz Boat over to the PBS servers for further … perusing.”