Skip to navigationSkip to content
PageFair hack.
HACKED

The Economist’s anti-ad blocker was hacked, exposing users to malware

By Ashley Rodriguez

This post has been updated. 

The Economist’s anti-ad blocking analytics service was hacked on Halloween and it may have exposed readers to malware.

The service—called PageFair, which allows publishers to measure the extent of ad blocking on their sites—was hacked on Oct. 31, the Economist announced in an online notice yesterday (Nov. 5). Users who visited the economist.com from the night of Oct. 31 to the early hours of Nov. 1, may have downloaded malware disguised as an Adobe update onto their computers.

Only those who used PCs with Windows OS are at risk, the notice said.

The number of users exposed by the security breach “runs in the hundreds,” Charles Barber, a spokesperson for the publication told Quartz, based on information from PageFair.

The Trojan malware was distributed through PageFair’s analytics network for about 80 minutes, PageFair said in a statement. The breach was apparently discovered after five minutes, but took more than an hour to halt.

“If you are a publisher using our free analytics service, you have good reason to be very angry and disappointed with us right now,” PageFair CEO Sean Blanchfield told MediaPost. “The attack was sophisticated and specifically targeted against PageFair, but it is unacceptable that the hackers could gain access to any of our systems.”

The Economist is not the only victim. Overall, 501 publishers were affected by the security breach and 2.3% of their visitors were placed at risk, according to the PageFair statement.

Update Nov. 6, 2 pm EST: The Economist, which hired a third-party to investigate the breach, learned today that the malware is a keylogger, a type of surveillance software that can record users’ keystrokes, the publication said in a statement. The malware can obtain personal data such as passwords and bank details if users login to websites after downloading the software.

The Economist said that it has begun warning customers about the updated security risks. Its own systems have not been compromised, so the customer data it holds is still secure.