Chocolate-obsessed hacker breaks into Hershey’s website to change a recipe

With cybercrime costs on the rise, a successful hacking attempt on Hershey’s website caused the chocolate-making company to send out a consumer warning via email to all users of the official Hershey Co. website. The hacking attempt targeted a single recipe before leaving without attempting to access private consumer data. Hershey stressed that no credit card numbers or bank account information is located on the same server as the recipes, but the server did contain passwords, email addresses, mailing addresses and birthdays of any consumer that registered on the site. 

While it’s possible the hacker is a food-obsessed, amateur pastry chef, it’s more likely that the hacker was testing for vulnerabilities in the security of Hershey’s servers and decided to alter a file to test Hershey’s ability to discover the hacking attempt. In the public email to consumers, The Hershey Company put emphasis on strong password creation, frequent changes in passwords and for users to be cautious about opening suspicious emails with phishing links. Hershey also claims to have taken steps to close the security hole to thwart future attempts at recipe alterations.  

This story broke after Mcafee released a document yesterday that details a massive hacking operation called Operation Shady RAT, much larger than LulzSec and Anonymous. The hacking group targeted over 72 major corporations and governments over a five year period. RAT stands for remote access tool, a hacking method that provided access to a victim’s computer after the victim clicked on a link used in an email phishing scam. Popular targets included many U.S. defense contractors, government agencies both domestic and abroad, tech companies and even the Olympic committee. Victims of these attacks typically had to fend off intrusions for about a month, however some entities were dealing with attacks for about two years.