Timber Creek Talon got hacked last week. Here’s what happened, why it happened, and how we (and you) helped fix it.
First, let’s define “hacked.” Technically, Timber Creek Talon was the victim of a man-in-the-middle type of attack using a malicious cookie saved on iPhones. What would happen to users that were impacted by this bad cookie is that any type of clicking interaction on the site would send pop-ups to the user — some with very inappropriate messages.
So who “hacked” us? That’s not entirely clear, but we do have a number of security flags that triggered on Friday, April 30 with some possible subjects — all of them being large, spam-focused websites that regularly hit our site.
And that bad cookie? Well, it’s been scrubbed from the website, but these types of attacks leave behind one crumb that’s very annoying — and it’s in your hands.
If you saw any pop-up EVER on Talon, we’d suggest immediately deleting your cached data and cookies for our site.
- Here’s how to do that on iPhones for Safari, according to Apple’s own support page:
- To clear your history and cookies, go to Settings > Safari, and tap Clear History and Website Data. Clearing your history, cookies, and browsing data from Safari won’t change your AutoFill information.
- To clear your cookies and keep your history, go to Settings > Safari > Advanced > Website Data, then tap Remove All Website Data.
- To visit sites without leaving a history, turn private browsing on or off.
If you used Chrome on your phone, here’s the way to fix it:
- On your iPhone or iPad, open the Chrome app
- At the bottom, tap More
- Tap History and then Clear browsing data.
- Make sure there’s a check mark next to “Cookies, Site Data,” and “Cached Images and Files.”
- Tap Clear browsing data.
Once either of those methods are done, please make sure to restart your phone. Yes, turn it off and turn it on again. This makes sure that Safari, Chrome or other browsers get fully fixed.
Our Talon reporters that did this process had success with the bug disappearing. Other Talon users never saw this issue at all. Your mileage may vary. However, if you have continued problems, we’ve started an e-mail account to help you specifically. E-mail email@example.com and we’ll get back to you if you’re having problems.
At this point, you might be asking why we’re posting about this, and if it could happen again. Let’s take the second question first. While Talon uses security methods like HTTPS, malware server scanning, and others, we’re not immune to the many types of attacks that are sent at websites every day. In fact, as Talon has become more trusted and gained more readers, we’re actually a larger target and have had to increase our maintenance and security methods. Additionally, because Talon is a key site for things like voting for school officers, prom nominations, file uploads for our award-winning Art and Literature Magazine, hosting innovative multimedia content and more, we have lots of places where something *could* go wrong.
Which leads back to the first question: Why we’re posting about this. You deserve to know what happens on this site and if you were impacted by a spam pop-up, it’s our duty to help understand and solve the problem. Because while you can see sticky notes and puppets and read about Students with Style, we’re also here to give you information and news you can use.
Talon is a safe website. But, with all websites, it isn’t immune to every attack. We always have been, and always will be, powered by and for Timber Creek High School’s community. Though it wasn’t any action or inaction from our team that caused the issue, it’s our duty to solve it.
So stay vigilant, and if you see a similar issue happen to another site, take pity on the system administrator who might be spending hours searching through every line of code on a site. Thanks in advance.