Has TechCrunch been hacked?

Graham Cluley

The old technews.techcrunch.com website

Well, perhaps not.. but certainly, something very strange is going on.

Back in June 2008, technology uber-blog TechCrunch announced its own news aggregator service called “TechNews” which had more than a passing similarity to Reddit.

TechCrunch announced that the system was currently on one of its test servers.

Whatever happened next to TechNews is lost in the mists of time.. all I know for sure is that it didn’t set the world on fire.

So, what happens if you visit technews.techcrunch.com today? Here’s what you see:

This is what you see if you visit technews.techcrunch.com

And yes, that really is technews.techcrunch.com that I have visited. Check the url in the browser’s location bar if you don’t believe me.

Close-up of what you see if you visit technews.techcrunch.com

Black Oak Asset Management claims to be a legitimate firm based in Cartersville, Georgia. To all intents and purposes the website looks legitimate, the links work and there’s no obvious indication that the page has been set up for the purposes of phishing.

So, the weird thing about it is that it’s on a subdomain at techcrunch.com (in fact, it’s at two subdomains, because it’s also at primaries.techcrunch.com).

Has TechCrunch’s test server been hacked? Or has there been a goof-up involving DNS and IP addresses that means anyone visiting those TechCrunch domains now ends up on an asset management website?

It’s really most peculiar, and maybe the problem will get fixed soon by TechCrunch’s IT team. But in the meantime, it’s a timely reminder for all companies managing web servers to keep a close eye on their old domains, just in case one of them starts to offer webpages that shouldn’t be there.

This isn’t the first time that TechCrunch has had problems with its websites, of course. In September 2010 we reported how TechCrunch Europe was serving up malicious code to web visitors.

Update: The issue now seems to have been fixed, presumably by someone at TechCrunch’s end. Good job!

Further update: Vineet from TechCrunch has been in touch, with an explanation of what went wrong. Here it is..

Hi Graham,

Thanks for pointing out the subdomain issues on TechCrunch this morning. TC was not hacked :)

In the past, we had our own test server on this IP (hosted at MediaTemple) for those subdomains (technews, primaries and so on). We have long stopped using MT as our hosting provider. It seems that the IP is now used by someone else, Black Oak in this case. I believe this is what happened since the subdomains have existed for a long time and no one likely noticed the change of IP ownership.

I have deleted the DNS mappings for the subdomains in question.

Let me know if you have any questions.


Mystery solved. Nice one Vineet!
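The failure described in the email above, DNS records left pointing at an IP address the organisation no longer controls, can be caught by checking every subdomain's resolved address against the address ranges currently in use. The following is an added example, not code from the original post or from TechCrunch; the hostnames, IP addresses and owned range are constructed, and `audit_subdomains`, `resolve_a` and `sample_resolver` are hypothetical names.

```python
import ipaddress
import socket

def resolve_a(hostname):
    """Return the set of IPv4 addresses a hostname currently resolves to."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()  # no address record: nothing left pointing anywhere
    return {info[4][0] for info in infos}

def audit_subdomains(hostnames, owned_cidrs, resolver=resolve_a):
    """Flag (hostname, ip) pairs that resolve outside the ranges we still control."""
    owned = [ipaddress.ip_network(cidr) for cidr in owned_cidrs]
    findings = []
    for host in hostnames:
        for ip in sorted(resolver(host)):
            addr = ipaddress.ip_address(ip)
            if not any(addr in net for net in owned):
                findings.append((host, ip))
    return findings

# Constructed sample data using documentation ranges, not real records.
SAMPLE_ZONE = {
    "www.example.com": {"203.0.113.10"},          # live site at current provider
    "technews.example.com": {"198.51.100.77"},    # old test server, former provider
    "primaries.example.com": {"198.51.100.77"},   # second name on the same old IP
    "retired.example.com": set(),                 # record already deleted
}
OWNED_CIDRS = ["203.0.113.0/24"]  # assumption: address space at the current provider

def sample_resolver(hostname):
    """Offline stand-in for DNS so the example runs without network access."""
    return SAMPLE_ZONE.get(hostname, set())

if __name__ == "__main__":
    for host, ip in audit_subdomains(SAMPLE_ZONE, OWNED_CIDRS, sample_resolver):
        print(f"{host} -> {ip} is outside owned ranges; verify or delete the record")
```

Run it against the full list of names exported from the zone rather than only the names in active use, since forgotten test subdomains are the ones most likely to outlive their servers.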

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
