An accessibility service provided by Texthelp Limited has been breached by attackers unknown in a move which has seen cryptocurrency mining scripts planted on websites across the world - including, embarrassingly, the Information Commissioner's Office (ICO).
'Texthelp can report that no customer data has been accessed or lost. The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers CPUs to attempt to generate cryptocurrency. The exploit was active for a period of four hours on Sunday,' the company explains. 'The Browsealoud service has been temporarily taken offline and the security breach has already been addressed, however Browsealoud will remain offline until Tuesday 12:00 GMT. This is to allow time for Texthelp customers to learn about the issue and the company’s response plan.'
'So far as we can see, simply shutting down your browser is enough to kill off any cryptomining scripts that may have been left behind by this attack,' explains Ducklin of the method by which users can ensure their systems are no longer chewing through electricity to line some ne'er-do-well's pocket. 'If you run a website that uses the services of browsealoud DOT com we recommend that you stop your own pages from even trying to load content from that site (no matter that it is offline) until you receive a credible explanation and an all-clear from Texthelp.'
November 6 2020 | 17:30