Hacking group blamed for Lenovo cyber attack

Related story: Lenovo site hacked after adware blunder By Agencies

A woman is seen at a store of Lenovo in Shanghai, China, Feb 26, 2013. [Photo/IC]

Lenovo Group Ltd's website was hijacked and users were redirected less than a week after the company was criticized for pre-installing advertising software on consumer laptops that exposed users to hacking.

The company said it had restored some functionality to the site after customers reported a breach in which they saw videos of young people looking into Web cameras, with the song Breaking Free from the movie High School Musical playing in the background.

Some employee e-mails were also leaked by a hacking group called the Lizard Squad, according to postings on Twitter. The group has previously targeted Sony Corp's online PlayStation video-game network.

The hackers apparently took over Lenovo's site by altering the records with the domain-name registrar used by the company, according to Matthew Prince, co-founder and chief executive officer of CloudFlare Inc, a San Francisco-based security company.

Last week, Lenovo apologized to customers and pushed out fixes to remove software made by a company called Superfish that Lenovo pre-installed on many consumer devices.

"This may be another small hit to brand image for Lenovo," said Dan Baker, an analyst at Morningstar Inc in Hong Kong. "It looks like the hackers were unhappy with the Superfish episode and did this as payback."

The attackers used a free CloudFlare account to disguise their origins, Prince said, and then redirected traffic from lenovo.com to CloudFlare's network. CloudFlare disabled the account used by the attackers, Prince said.