No, Acunetix Website was NOT hacked
Acunetix website was not hacked — The so-called hacker took advantage of server downtime and used the fake screenshot to prove his defacement!

On 5th June, a wannabe hacker from Croatia claimed to have defaced the official website of Acunetix web vulnerability scanner (WVS) but it turned out to be nothing but a gimmick to get some fame one would assume. Once our report went viral we got an email from officials at Acunetix explaining that the site was not hacked at all, in fact, the site went down due to internet server issue and that’s when the ”hacker” probably photoshopped the defacement page.

The supposed hacker had claimed to upload a deface page on the homepage of Acunetix’s website with a message for Croatian prime minister Tihomir Orešković which of course turned out to be bogus while one researcher claimed Acunetix was using an outdated version of WordPress which also turned out to be false.

Here is an official explanation email to us by Nicky Sciberras of Acunetix:

“For some time between Saturday and Sunday early afternoon (CET), our website went offline. This was caused by an unexpected shutdown of the server hosting our site. During this period, users who tried to access our site got the following message: “Forbidden You don’t have permission to access / on this server.” Someone seems to have picked up on this event and decided to make a fraudulent claim that our site has been defaced. They also went through all the hassle of building a screenshot of the allegedly defaced site. This screenshot is false, and in fact it, analysis of the image shows that it is the only screenshot in circulation.
Nevertheless, we have gone through a full forensic process of the web server’s logs, and the website itself, and can confirm that no breach has occurred on our website. We have also involved a 3rd party company to confirm our findings. We can also confirm that we have been running the latest version of WordPress, and the minimal set of plugins used for our site do not have any known security issues.”

That’s not all, the wannabe hacker also tried to make a mirror about his supposed defacement on Zone-h, a platform that provides the archive for defaced websites however the mirror is still on hold and rather than showing the defacement page the message on display is “Forbidden You don’t have permission to access / on this server” which is quite evident that the whole hacking saga was bogus.

Acunetix has also released an official statement regarding the incident, click here to read the full statement.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.