Lenovo Web Site Hacked as Retribution for Superfish Scandal

The embarrassment isn’t over for Lenovo: the web site for the world’s biggest PC maker was taken offline by a malicious hacker group as retribution for the bundling of the Superfish malware on its PCs. The site was down for much of Wednesday but appears to be operational again as of this writing.

“We regret any inconvenience that our users may have if they are not able to access parts of our site at this time,” a Lenovo statement reads. “We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users’ information.”

Lenovo’s site was taken down by Lizard Squad, the hacker group that most infamously took down Microsoft’s Xbox Live and Sony’s PlayStation Network over the 2014 holidays. Last week, the group attacked the official web site for the country of Vietnam as well.

During this week’s attack, Lenovo’s web site displayed a photo slideshow while playing the Disney song “Breaking Free.” If you clicked on an image, you were taken to Lizard Squad’s page on Twitter. And the source code for the compromised home page cryptically declared, “The new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey.” Those two individuals have been identified as possible members of the secretive group.

Lizard Squad didn’t offer much in the way of Twitter-based commentary for this attack, which is a little unusual.

“So we’ve done Google, Vietnam and Lenovo, what’s next?” one tweet asks. “We’ll comb the Lenovo dump for more interesting things later.”

And it is possible that Lizard Squad has done more than just hack Lenovo’s web site: One of the group’s tweets appears to show an internal Lenovo email message alerting others to the hack. But Lenovo says the group simply used a DNS attack to redirect web site visitors to another address and “intercept” internal email. It’s not clear if customer data has been compromised, though that is unlikely.

Whatever the extent of the damage, Lenovo can add it to the spectacular PR blunder of last week, when it fumbled its response to the Superfish revelations. Since then, the US Computer Emergency Response Team (CERT), part of the Department of Homeland Security, issued its own warning about the Superfish malware that Lenovo preinstalled on its PCs.

“A machine with Superfish installed will be vulnerable to SSL spoofing attacks without a warning from the browser,” the warning notes. “Users should uninstall Superfish … and remove affected root CA certificates.”

If you are using an affected Lenovo PC—I have a list of models in “Superfish Drama Winds Down, But the Damage is Done”—you should use Lenovo’s automatic removal tool to uninstall the malware and, as important, remove the root certificates.

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.