Syrian Hackers Subvert Ad Network

Domain Registrar Hack Blocks Sites, Serves SEA Boast

By Mathew J. Schwartz, November 28, 2014.
The Syrian Electronic Army hacking group has claimed credit for hacking into an advertising network used by numerous websites, including many media outlets. As a result, some people browsing the affected sites reportedly saw only a blank screen and a JavaScript pop-up message that read: "You've been hacked by the Syrian Electronic Army (SEA)."


The website outages and defacements reportedly affected more than 80 sites, ranging from Betty Crocker, Dell and Ferrari to National Geographic, the U.S. National Hockey League and Verizon Wireless. A number of media outlets also confirmed that their sites had been disrupted, including the New York Daily News, the Canadian Broadcasting Network, CNBC, and the UK's Daily Telegraph, Evening Standard and Independent, among other sites around the world.

A Twitter account that appears to be operated by the SEA - and which in the past has been a reliable source of information about the group - later claimed credit for the Nov. 27 attacks. "Happy thanks giving, hope you didn't miss us! The press: Please don't pretend #ISIS are civilians. #SEA," it said, in apparent reference to the Islamic State of Iraq and the Levant. The account also released a picture of what appeared to be the GoDaddy control panel for Gigya.com.

After the SEA's hacking message began appearing on websites - only sporadically, and only in some geographies - and before the SEA's claim of responsibility appeared on Twitter, information security experts had already traced the attack to Gigya, an advertising network used by all of the affected sites.

Gigya CEO Patrick Salyer confirmed those reports, saying hackers appeared to have subverted Gigya's advertising network by first hacking into its domain registrar, GoDaddy. Attackers apparently then altered the Gigya site's DNS settings, redirecting the content delivery network Gigya provides to customers "to a server controlled by the hackers, where they served a file called 'socialize.js' with an alert claiming that the site had been hacked by the Syrian Electronic Army," Salyer says, referring to the JavaScript file.


GoDaddy tells Information Security Media Group that the attacker appears to have first compromised the Gigya email account that was registered with GoDaddy. "The attacker then used our standard password reset process to gain GoDaddy account access and made DNS changes," says GoDaddy chief information security officer Todd Redfoot. "We have since assisted the customer in regaining account access and reversing the DNS changes."
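The attack chain described above - registrar account taken over via a password reset, DNS records changed, and a third-party script replaced on an attacker-controlled server - is one a site owner embedding a vendor's script can detect from the outside, because both the resolver answers for the script host and the bytes of the served script drift away from what was pinned when the tag was added. The following added example (not Gigya's or GoDaddy's code; every hostname, address and script body is a constructed placeholder) compares a pinned baseline against what is currently observed and reports every deviation.

```python
"""Detect a hijacked third-party script host: DNS drift plus script content drift.

Added illustration, not code from Gigya, GoDaddy or the article. Hostnames,
addresses and script bodies are constructed placeholders.
"""
import hashlib
from typing import Dict, List, Set

# Constructed baseline for a vendor script host a site embeds: the nameservers
# and addresses the site owner recorded when the script tag was first deployed.
BASELINE: Dict[str, Dict[str, Set[str]]] = {
    "cdn.vendor.invalid": {
        "NS": {"ns1.registrar-dns.invalid", "ns2.registrar-dns.invalid"},
        "A": {"203.0.113.10", "203.0.113.11"},
    },
}

# Known-good script content, pinned by SHA-256 digest (constructed).
KNOWN_GOOD_SCRIPT = b"/* constructed vendor script */\nwindow.vendor = {};\n"
KNOWN_GOOD_SHA256 = hashlib.sha256(KNOWN_GOOD_SCRIPT).hexdigest()


def dns_findings(baseline: Dict[str, Dict[str, Set[str]]],
                 observed: Dict[str, Dict[str, Set[str]]]) -> List[str]:
    """Compare observed resolver answers with the pinned baseline, per record type.

    A missing host or record type counts as a mismatch: an empty answer for a
    host that should resolve is itself worth an alert.
    """
    findings: List[str] = []
    for host, records in baseline.items():
        seen = observed.get(host, {})
        for rtype, expected in records.items():
            got = set(seen.get(rtype, set()))
            if got != expected:
                findings.append(
                    f"{host} {rtype}: expected {sorted(expected)}, observed {sorted(got)}"
                )
    return findings


def script_findings(body: bytes, known_sha256: str) -> List[str]:
    """Flag a served script whose digest no longer matches the pinned value."""
    digest = hashlib.sha256(body).hexdigest()
    if digest == known_sha256:
        return []
    return [f"script digest changed: {known_sha256[:12]}... -> {digest[:12]}..."]


def assess(observed: Dict[str, Dict[str, Set[str]]], body: bytes,
           baseline: Dict[str, Dict[str, Set[str]]] = BASELINE,
           known_sha256: str = KNOWN_GOOD_SHA256) -> Dict[str, object]:
    """Combine both checks; any finding is enough to suspect a hijack."""
    findings = dns_findings(baseline, observed) + script_findings(body, known_sha256)
    return {"hijack_suspected": bool(findings), "findings": findings}


# Constructed observation resembling the incident: the host now points at
# unfamiliar nameservers and an unfamiliar address, and the served script
# carries a defacement alert instead of the vendor's code.
OBSERVED_DURING_INCIDENT: Dict[str, Dict[str, Set[str]]] = {
    "cdn.vendor.invalid": {
        "NS": {"ns1.unknown-host.invalid"},
        "A": {"198.51.100.7"},
    },
}
SERVED_DURING_INCIDENT = b"alert('defaced');\n"

if __name__ == "__main__":
    for line in assess(OBSERVED_DURING_INCIDENT, SERVED_DURING_INCIDENT)["findings"]:
        print(line)
```

To run this against live data, feed `assess` the NS and A answers from a resolver and the script body fetched over HTTPS; because DNS changes propagate unevenly (the article notes the fix did not take effect immediately), querying from more than one vantage point catches a hijack that is only visible in some regions. Pinning the digest of a vendor script will also fire on legitimate vendor updates, so treat a digest change as a prompt to review the new content rather than as proof of compromise on its own.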

Gigya says that beyond the denial-of-service condition that attackers created, and the related website defacement, no other data or functionality was compromised. "To be absolutely clear: neither Gigya's platform itself nor any user, administrator or operational data has been compromised and was never at risk of being compromised," says Salyer. "Rather, the attack only served other JavaScript files instead of those served by Gigya."

Salyer says the attack was detected at 6:45 a.m. Eastern Time, and the company's "whois" record was fixed by 7:40 a.m. Eastern Time. But given the nature of DNS servers - changes often take time to propagate - the fix didn't immediately take effect. "Gigya has the highest levels of security around our service and user data. We have put additional measures in place to protect against this type of attack in the future," Salyer says.