Supply Chain Attack Hits Best of the Web Website

Supply Chain Attack Hits Best of the Web Website

The website Best of the Web, whose purpose is to assure site visitors that their user data is safe and that the websites it lists value visitor privacy, has been hacked, according to security researcher Willem de Groot. The site is a directory of websites that receive a trust seal so visitors will know they are real businesses, but the site itself was injected with an information stealing malware.  


On May 13, the researcher tweeted that the Best of the Web seal was injected with two keyloggers and that more than 100 websites were still linked to the compromised seal.


Attackers reportedly injected obfuscated JavaScript code, and according to his latest tweet, DeGroot confirmed that the attackers used open S3 buckets to inject form jackers. DeGroot has identified several supply chain attacks that have impacted multiple companies (complete list at PublicWWW), including Picreel, historydaily.org, groupon.com.ar, groupon.cl, trome.pe and tributes.com


Best of the Web confirmed that it had been compromised, stating, "Earlier today, we were notified that the script we use to display trust seals that we host on Amazon’s content delivery network (CDN) was compromised. We took immediate action to remedy the situation and are in the process of informing those w ..