Bay District School’s website was still down early Monday night after hackers took over the page Sunday afternoon.
It appears a group named Typical Idiot Security in the Romania area hacked the website and redirected users to a page displaying an Anime character and playing Linkin Park’s song “Heavy.”
The hackers did not specifically target the district’s website nor attempt to steal any information.
Instead, they were looking for vulnerabilities in dozens of sites to play what appears to be just a joke, according to the district’s Management Information Systems (MIS) Director Chip Shows.
Shows said the hackers targeted the district’s web hosting service and searched for known exploits. They found one in the 3essentials Hosting software that the district uses to publish its website.
“These are people that just, it’s what they do for fun. They look for those exploits. They inject the script that then changes all the default pages to what you saw if you went to the website,” he said.
While the hackers successfully changed the district’s website and dozens of others, the software that was exploited was not installed on servers with student information.
Shows said the Parent Portal program, which parents use to update and view their child’s information, is housed on a more secure server separate from the website.
“Their student information is safe. It was never at risk. They couldn’t have found anyway to get to from the district website,” Shows said.
Shows said he expected the website to be restored by Monday night, but it could take some time as the 3essentials company was having to restore dozens of pages.
Until the website is restored, the district is redirecting the web address to the Parent Portal login so parents can still access their accounts.
Bay District Schools’ website was hacked Sunday night, according to Superintendent Bill Husfelt.
The page showed an anime character with an obscene hand gesture.
Those behind the hack got access to the website’s hosting server and redirected the web address.
Husfelt said they did not get access to the local server, including Parent Portal or Focus which contains confidential information.
Authorities were working late Sunday night to restore the website and determine who is behind the hack.