Office blogs switch from Telligent to WordPress, get hacked anyway

By Kip Kniskern | Posted January 20, 2014 4 comments

Today, the official Office blogs debuted a new look and feel, and thanks to the Syrian Electronic Army (@Official_SEA16), it became obvious that they made a switch from the proprietary and ASP.net powered Telligent CMS (what used to be called Community Server back when we used it) to a variation of WordPress. In the past few weeks, the Syrian Electronic Army (Wikipedia) broke into some Microsoft properties, including the Skype blog and some corresponding social media accounts, a Bit.ly account (which would have given them access to Twitter and Facebook and more), and some Outlook Web Access email accounts.

Today, however, they apparently were intent on raining on the Office Blog’s big transition to WordPress (of course, the fact that they’re now using WP isn’t much of a secret: a simple View Source would have revealed the same thing, although obviously not administration access). The hacker group posted screenshots of both the Telligent and the WordPress admin panels:

As the Syrian Electronic Army so helpfully pointed out:

Why Microsoft didn’t take the time to go back and change all of their passwords is indeed an obvious question, but having just gone through a site upgrade ourselves (and having previously gone through the Telligent to WordPress transition, too), it apparently slipped through the cracks.

The hacked posts and hopefully rogue access has been removed, and we do commend Office for upgrading its blogs, however inauspicious their start. For the record, the Office blogs have adopted a nice clean new look:

They’ve made the site responsive, done away with the annoying necessity to remember your login credentials (you now only need to provide a name and email address), and included provisions for pinning the Office Blog sites to Windows 8 or Windows Phone, making use of Live Tiles. They’ve also implemented a filter system to show you blog posts only for products you use, and making it easy for you to subscribe.

While there simply isn’t any excuse for Microsoft not to have a better handle on its security, even when it comes to company blogs, we’re sympathetic to their plight.  Good luck, Office blogs (and get it together, mkay?)

 

Posted January 20th, 2014 at 6:35 pm
Category: News
Tags: Blog, Office, hack
  • Travis Pope

    Strike one for open source. *goes to lock down WordPress blog*

    • http://www.joshbroton.com KillaPenguin

      It wasn’t because of WordPress. It was because Microsoft migrated all their old passwords to the new system and the SEA already knew them. It’s an IT error, not a WordPress security vulnerability.

      • Travis Pope

        Thanks for clarification

  • GameCube

    Looks like Blogger in this screenshot.