Blog site back up after hack attack

Pyra managed to get its popular Blogger.com site back online again on Friday after shutting it down earlier in the day in response to a hacker attack.

The hack compromised individual accounts, locking out site users from their blogs.

Pyra has taken the machine that was compromised offline and restored the Blogger site from its redundant servers, said Jason Shellen, the company's director of business development. Users whose accounts were compromised should be able to access them again, he said.

Pyra has not yet determined when the hacker first got access to Blogger accounts, but the attack appeared to have started early Friday morning, Shellen said. Pyra took the site offline for about two and a half hours, but was brought back by late morning.

While it was down, visitors to Blogger.com were unable to access individual blogs or set up blog accounts. "Blogger is down for repairs. Please check back soon. Sorry for the inconvenience," a note on the site said.

Blogging, essentially the process of keeping an online journal of daily observations, has started to catch on with the mainstream. Celebrities, such as former Star Trek star Wil Wheaton, have their own blogs as well.

Blogger has been one of the more popular web log sites. It now has about 875,000 users who publish some 930,000 blogs, according to Shellen.

Shellen didn't know how many of those accounts had been compromised.

In postings on the web, some Blogger customers worried about the extent of the breach. While many use the Blogger site for free, some have paid for additional services, such as ad-free blog pages and additional tools - meaning that Pyra has their credit card information on file. Likewise, some Blogger users who publish their blogs to outside websites are worried that their user IDs and passwords to those sites could have been compromised also.

But Pyra believes the hack was a fairly low-level attack that didn't compromise outside accounts or credit card information, Shellen said. Credit card data, for instance, is kept on a different sever from the one that was attacked, he said.

"From what we can tell, this looks like a pretty juvenile job," Shellen said. "There's no way that (the credit card data) could have been breached."

Blogger customer Mark discovered that his account had been compromised when he was unable to log into his blog. When Mark, who asked that his last name not be used, requested that Blogger send him a new password for his account, the system instead sent the password to what he believes was the hacker's address. The Boston tech writer said he was unable to contact Blogger to alert them to the breach.

"It shows we really take security for granted after a while," he said.

Troy Wolverton writes for News.com