Wild stuff. Copy and past of reddit post if you don't want to click any links:
Repeated attempts to contact Tor.com about this issue have failed, so I'm posting it here, as this potentially affects all users of the site (and registered ones in particular).
First, about the hack itself:
Attackers gained access to Tor.com and altered a file to include malicious javascript.
This is easy to verify:
EDIT: NOTE THAT GOING TO THE SITE ISN'T SAFE RIGHT NOW
Go to tor.com, view source, and ctrl-f "confirm.min.js". That'll show you the location of the/a compromised file.
Open the file and view the contents. Here's an imgur pic of what you'll see, in case you feel uncomfortable going to the website: https://i.imgur.com/kC4poBM.png
If you know anything about web dev, you'll see the problem immediately. If not...
Run the obfuscated code through a beautifier, and base64-decode the random-looking strings. You'll see that the code actually inserts a script tag with the src being some dodgy-looking URL. As noted in this tweet by Malwarebytes, that domain is in fact associated with a malware campaign.
Long story short, it appears that Tor.com failed to update its Wordpress plugins, resulting in the site being compromised. Which is why it now tries to spread digital herpes.
However, it gets worse...
Since the attackers had the ability to change files on the website, it's possible that they gained access to everything. That potentially includes user details/email addresses, passwords (hashed, hopefully), and so on.
Fortunately, this appears to have been an automated attack, so that may not have happened.
In case anyone associated with Tor.com reads this:
It goes without saying that just changing the file back and updating your plugins won't be enough to fix this, as the attackers may have left backdoors on the server.
