UBC is blaming human error for a hack on its Food Services website that saw it replaced with a fanpage for the Insane Clown Posse.
The hack was discovered when a tweet from the Ubyssey student newspaper warned that the page had been compromised.
The site was replaced with a crude fanpage for the hip hop group and credited the attack to a hacker named "ShadowDXS."
"Hacked by ShadowDXS for never feeding Canadian Juggalos at UBC College," the page read.
The page linked the attacker to online collective Anonymous. It also contained a link to a Twitter account for ShadowDXS that belonged to a user named "Branndon Pike."
Pike denied any responsibility for the hack, The Ubyssey reported.
A staffer with UBC Student Housing and Hospitality saw the tweet and notified its IT department, who discovered that the page had been compromised at around 7:30 p.m. that night. They took it down four hours later.
The hack took place after the department updated the Food Services site last Friday, a task that required opening certain permissions in order to make the change.
The staffer handling the task updated the site but didn't secure those permissions when he was finished, said Christopher Yong, senior IT manager for student housing and hospitality.
"He was trying to do too many things at the same time. You know how you multitask, and you think you finished, but you hadn't?"
IT staffers later restored the Food Services site to a previous version and completed the last step that the employee hadn't finished. It was restored to its normal state at around 9:30 a.m. on Monday morning.
Yong told The Ubyssey that the task was performed by a new employee, but he told The Huffington Post B.C. that the staffer had worked in the department for a "few years."
"A lot of our staff have been here for over a decade, so when I say young and new, (I mean) a couple of years," he said.
Yong stressed that Food Services was the only website defaced in the hack and that no personal information was affected in this attack because the university's student databases are stored on a completely different server.
"This is static information," he said of the hacked page.
"There are links from this site to the secure site, but none of that information is here."
Also on HuffPost
