Top Stories
Top Stories

Lenovo website breached, hacker group Lizard Squad claims responsibility

Tomohiro Ohsumi | Bloomberg | Getty Images

China's Lenovo Group website was hacked, the company said on Wednesday, days after the U.S. government advised Lenovo customers to remove a pre-installed virus-like software, "Superfish", on laptops that makes the devices more vulnerable to attacks.

Hacking group Lizard Squad claimed to be behind the attacks, according to its Twitter page.

Lizard Squad has taken credit for several high-profile outages, including attacks that took down Sony's PlayStation Network and Microsoft's Xbox Live network last month. Members of the group have not been identified.

"The domain name service server hosting Lenovo's website was hacked. We do not have any further information at this time to share. We'll update as soon as possible," Lenovo said in a statement to Reuters.

'White Hat Hacker's' security tips

San Francisco-based security firm CloudFlare said hackers transferred the domain to CloudFlare in order to point it to a defacement site.

"As soon as we at CloudFlare noticed, we seized the account and worked with Lenovo to restore service while they worked to recover their domain," Marc Rogers, Principal Security Researcher at CloudFlare, said in an email to Reuters.

Starting 4 p.m. ET on Wednesday, visitors to the Lenovo website saw a slideshow of young people looking into webcams and the song "Breaking Free" playing in the background, according to The Verge, which first reported the breach.

Read MoreFireEye CEO: Cyber danger has never been more real

"We're breaking free! Soarin', flyin', there's not a star in heaven that we can't reach!," Lizard Squad posted on its Twitter page, quoting the song from the movie "High School Musical".

The hackers also posted a couple of screenshots of an email between Lenovo employees regarding the "Superfish" software.

The Department of Homeland Security said in an alert on Friday that the "Superfish" program makes users vulnerable to a type of cyberattack known as SSL spoofing, in which remote attackers can read encrypted web traffic, redirect traffic from official websites to spoofs, and perform other attacks.

Rogers also said CloudFlare was able to restore service before Lenovo recovered the domain, suggesting that the outage was probably "quite small".

However, Lenovo's website was inaccessible at 7:54 p.m. ET. A message said the site was unavailable due to system maintenance.