Links to shady websites advertising logins for porn platform OnlyFans have reportedly been found by researchers on an EU website.
Security researchers have reportedly found a number of dodgy links to illegal streaming websites and account-creating services on the website of the European Commission, including one shady site advertising accounts for porn platform OnlyFans.
The links have been blamed on the allegedly poor cybersecurity standards of the Commission, with EU bodies as a whole having a history of cyberattacks and security blunders over recent years.
According to a report by POLITICO, analysts from Nord Security reportedly found various links to questionable sites on the education.ec.europa.eu subdomain of the Commission’s website, with services promising users the ability to create accounts for platforms like OnlyFans, Playstation, and Fortnite reportedly listed as featuring on pages hosted by the EU.
These links are claimed to have been added by malicious actors who exploited weak security settings on the EC website, allowing them to add links, as well as PDF documents and other files to the system.
Such ‘hacker’s are reportedly not hunting to have Ursula von der Leyen become their next big client however, the security experts instead explaining away the insertion of these links as being an attempt to push these questionable sites up the Google results page, a process often referred to as search engine optimisation (SEO).
“It’s part of what’s called blackhat SEO,” Nord Security researcher Adrianus Warmenhoven reportedly explained. “It’s not rocket science to abuse it. It’s also not rocket science to defend against it.”
In response to the revelation, a spokesman for the Commission said that the body was “aware of the issue” and was now working to solve it.
However, Warmenhoven expressed concern that the EC had seemingly failed to do what are said to be very basic cybersecurity checks on their own website.
“It’s really one of those basic operational things that has not been done yet,” he said, adding that the idea the ruling EU body had failed to do it was “worrisome”.
It is far from the first time the EU has had serious cybersecurity issues though, with the entire EU parliament website going down as a result of a cyberattack late last year shortly after it declared Russia a state sponsor of terrorism.
The attack was linked to pro-Russian outfit Killnet, though the distributed denial-of-service (DDoS) is not thought to have done anything more than knock the service offline.
A more serious breach is thought to have occurred back in 2020, with a cyberattack on the EU’s European Medicines Agency resulting in hackers gaining access to documents relating to the Pfizer/BioNTech COVID vaccine.