Cyber Incident Victim: Perez Hilton
Date: May 2016
Location: United States of America
Summary
In May 2016 the PerezHilton.com website was compromised through a malvertising attack: malicious advertisements injected into its advertising network redirected visitors to fraudulent sites that distributed malware. Visitors were exposed to drive-by downloads and credential theft. The full scope of impacted users was never established, but the incident underscores the risk of third-party ad dependencies in web ecosystems. The attack rode on legitimate ad infrastructure, so the malicious creatives arrived over channels the publisher and many security controls already trusted, a further instance of threat actors exploiting trusted digital supply chains to deploy malicious payloads.
Description
In May 2016, PerezHilton.com experienced a malvertising compromise in which attackers injected malicious advertisements into the website's legitimate ad network. The malicious ads redirected unsuspecting visitors to exploit kits that fingerprinted the visiting browser, its plugins, and the operating system for known, unpatched vulnerabilities. Where a vulnerable version was found, the exploit kit delivered malware payloads capable of data theft, financial fraud, and system compromise. The campaign targeted widely deployed software such as Adobe Flash, Java, and Internet Explorer, using known exploits for which patches existed but had not been applied on victims' devices. To keep the infrastructure alive, the attackers used a domain generation algorithm (DGA) to produce new command-and-control domains on the fly, which defeats static blocklists and complicates detection by traditional security tools.

PerezHilton.com's administrators became aware of the issue after users reported unexpected redirects and antivirus alerts during browsing sessions. Security teams traced the malvertising to a compromised third-party ad provider integrated into the site's advertising supply chain.
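The redirect chain described above (publisher page to ad host to a DGA-looking landing host that serves a Flash or Java object) is what a defender can look for in web-proxy logs, because the DGA domains themselves change too fast for a blocklist. The following is an added example, not code from the original page or from PerezHilton.com or any vendor named here. It assumes a simplified, constructed log format and hypothetical host names (ads.example-adnet.net, xk3qzv9tplmwd.top); the DGA-likeness thresholds are assumptions chosen to make the heuristic readable, not tuned values.

```python
"""Flag malvertising redirect chains in web-proxy logs.

Heuristic chain per client: publisher site -> ad-network host (referred by
the site) -> DGA-looking host (referred by the ad host) -> exploit-kit style
object (.swf/.jar/.class/.js) fetched from that host.
"""
import math
import re
from collections import defaultdict

# Constructed sample proxy log lines (not real traffic). Format:
# <epoch> <client_ip> <host> <path> <referer_host or ->
SAMPLE_LOG = """\
1463000000 10.0.0.7 perezhilton.com / -
1463000001 10.0.0.7 ads.example-adnet.net /serve?slot=12 perezhilton.com
1463000002 10.0.0.7 xk3qzv9tplmwd.top /landing.html ads.example-adnet.net
1463000003 10.0.0.7 xk3qzv9tplmwd.top /player.swf xk3qzv9tplmwd.top
1463000010 10.0.0.9 perezhilton.com / -
1463000011 10.0.0.9 ads.example-adnet.net /serve?slot=12 perezhilton.com
1463000012 10.0.0.9 cdn.example-adnet.net /creative.jpg ads.example-adnet.net
"""

# Object types exploit kits of the Flash/Java era typically delivered.
PAYLOAD_RE = re.compile(r"\.(swf|jar|class|js)(\?|$)", re.IGNORECASE)


def shannon_entropy(s):
    """Bits of entropy per character of the string s."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for c in s:
        counts[c] += 1
    n = len(s)
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def registrable_label(host):
    """Second-level label: 'xk3qzv9tplmwd.top' -> 'xk3qzv9tplmwd'."""
    parts = host.lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(host):
    """0..3 points: high entropy, almost no vowels, several digits (assumed thresholds)."""
    label = registrable_label(host)
    score = 0
    if shannon_entropy(label) > 3.5:
        score += 1
    vowels = sum(label.count(v) for v in "aeiou")
    if len(label) >= 8 and vowels / len(label) < 0.25:
        score += 1
    if sum(c.isdigit() for c in label) >= 2:
        score += 1
    return score


def parse_log(text):
    rows = []
    for line in text.strip().splitlines():
        ts, ip, host, path, ref = line.split()
        rows.append({"ts": int(ts), "ip": ip, "host": host, "path": path, "ref": ref})
    return rows


def find_malvertising_chains(rows, site, ad_hosts, dga_threshold=2):
    """Return one record per client whose requests form the full chain."""
    by_client = defaultdict(list)
    for r in rows:
        by_client[r["ip"]].append(r)
    chains = []
    for ip, reqs in by_client.items():
        reqs.sort(key=lambda r: r["ts"])
        seen_site, ad_host, landing = False, None, None
        for r in reqs:
            if r["host"] == site:
                seen_site = True
            elif seen_site and r["host"] in ad_hosts and r["ref"] == site:
                ad_host = r["host"]
            elif ad_host and r["ref"] == ad_host and dga_score(r["host"]) >= dga_threshold:
                landing = r["host"]
            elif landing and r["host"] == landing and PAYLOAD_RE.search(r["path"]):
                chains.append({"client": ip, "ad_host": ad_host,
                               "landing": landing, "payload": r["path"]})
                seen_site, ad_host, landing = False, None, None
    return chains


def run_demo():
    return find_malvertising_chains(parse_log(SAMPLE_LOG), "perezhilton.com",
                                    {"ads.example-adnet.net"})


if __name__ == "__main__":
    for chain in run_demo():
        print(chain)
```

The second client (10.0.0.9) fetches a creative from a legitimate-looking CDN host and is not flagged; only the client that went on to a high-entropy host and pulled a .swf from it is reported. In production the DGA score would be one feature among several (domain age, TLS certificate age, passive DNS), not a verdict on its own.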

The number of affected visitors was not established, but infections attributed to the campaign were reported to include stolen banking credentials, ransomware deployments, and unauthorized access to personal devices. Site administrators responded by temporarily suspending all third-party ad networks, conducting a forensic audit of ad content, and imposing stricter validation requirements on advertising partners. Users were notified via the website and social media channels to update their software, run antivirus scans, and monitor financial accounts for suspicious activity. The compromise highlighted the risk inherent in programmatic advertising ecosystems, where malicious actors exploit trusted ad networks to distribute malware at scale. Losses took two forms: fraudulent transactions against infected users, and reputational damage to the PerezHilton.com brand. No evidence indicated that the attackers breached PerezHilton.com's own systems; the intrusion was confined to the tainted ad inventory, which is what makes malvertising hard to spot from the publisher's side, since the publisher's own code and servers look clean. Post-incident analysis found that the malvertising campaign ran for approximately 72 hours before mitigation efforts fully contained the threat.
