Red-faced security experts at the BBC are having to explain how a hacker broke into their systems over the Christmas break.
According to Reuters, the hacker was only revealed after he launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system.
It is not clear if the hacker found any buyers, but the BBC’s security team responded to the issue on Saturday and believes it has secured the site.
Reuters could not find out if the hacker stole data or caused any damage in the attack. However, they did manage to compromise a server that manages an obscure password-protected website called ftp.bbc.co.uk.
The Beeb was warned about the attack by Hold Security, a cybersecurity firm in Milwaukee that monitors underground cyber-crime forums in search of stolen information.
Hold spotted a Russian hacker known by the monikers “HASH” and “Rev0lver,” attempting to sell access to the BBC server on December 25.
HASH showed files that could only be accessed by somebody who really controlled the server.
The BBC has been targeted by the Syrian Electronic Army, which supports Syrian President Bashar al-Assad, and other hacker activist groups that deface websites and take over Twitter accounts.