Cyber Incident Victim: Rediff
Date: Apr 2015
Location: India
Summary
An Indian web portal experienced a subdomain defacement by a hacker using the alias HolaKo, who cited opposition to Israeli occupation of Palestinian territories as motivation. The attacker compromised a business services subdomain, displaying a message advocating "Free Palestine" and "#SaveGaza," while claiming unauthorized access to databases, email systems, and login credentials before administrators revoked access. The defacement was temporary, with services restored shortly after the incident. The hacker had previously targeted other organizations for similar political causes, including a notable intrusion against an international professional association's website.
Description
On April 30, 2015, the Indian web portal Rediff.com experienced a cyberattack targeting its subdomain businessemail.rediff.com, which hosted enterprise email and web hosting services. The attacker, operating under the alias HolaKo and identifying as pro-Palestinian, defaced the subdomain with a message declaring "Hacked by HolaKo, Rediff mail owned!? w00t !! We are the best of the rest. Free Palestine ! #SaveGaza." The defacement served as a political statement opposing Israeli occupation of Palestinian territories, specifically referencing the Gaza Strip. HolaKo communicated to media outlet HackRead that the attack aimed to amplify awareness of this geopolitical issue. Evidence of the compromise was documented through Zone-H archives and direct observation of the defaced page prior to restoration. The attacker additionally claimed unauthorized access to Rediff’s databases, email systems, and login credentials, though these assertions were not independently verified. Rediff administrators terminated the attacker’s access post-incident, limiting the duration of intrusion.

The incident disrupted Rediff’s businessemail subdomain, temporarily affecting its email and hosting services. HolaKo’s historical activity included a prior defacement of the Institute of Electrical and Electronics Engineers (IEEE.org) website under similar political motivations, establishing a pattern of targeting high-profile domains for ideological messaging. Rediff’s security team restored the compromised subdomain before HackRead’s article publication, indicating rapid containment efforts. No secondary disruptions or data exfiltration were reported beyond the initial defacement and access claims. The attacker’s focus on a subdomain rather than Rediff’s primary news and e-commerce portals suggested a deliberate choice to impact enterprise services while maximizing visibility. Operational continuity was maintained for Rediff’s core platforms throughout the incident.
