Several prominent websites suddenly started displaying inappropriate or NSFW (read porn) videos in their older articles. It turns out the adult video industry grabbed vid.me, a domain once used for general-purpose videos.
Some of the most influential and powerful websites were left red in the face after several of their older stories now have adult videos in them. A quick investigation revealed these websites relied on the domain vid.me to embed streaming videos in their articles.
Articles on The Washington Post, New York Magazine, and HuffPost displaying NSFW videos from Vid.me:
Quite a few leading general news websites saw their stories now displaying porn videos instead of the once-embedded intended ones. Some of the prominent names include The Washington Post, New York Magazine, and HuffPost.
There are a few examples that social media users have uploaded, which prove NSFW videos are now embedded within routine or standard news articles.
Major news sites serve porn after https://t.co/NfgGzo2zzr domain takeover – @Ax_Sharmahttps://t.co/5FRRebhF6r
— BleepingComputer (@BleepinComputer) July 23, 2021
It appears all the affected sites had been relying on the video streaming provider, Vidme, to embed streaming content. Standard embedding practice involves using HTML iframes to display the videos that the vid.me domain hosts.
Video hosting site Vidme shut down at the end of 2017, but its domain and archives stayed up for a while. Recently, though, a porn site bought it, and the old Vidme videos many sports, entertainment, and news sites embedded now are showing porn. https://t.co/t7rpOEmsJb
— Awful Announcing (@awfulannouncing) July 23, 2021
Incidentally, the Vidme platform has been defunct for close to four years now. Way back in 2017, Vidme shut down its operations.
In the same year, Vidme posted a blog post that confirmed Giphy had acquired the platform. However, the new owners indicated they would be deleting all the hosted videos before 2017 ended.
How did a defunct video streaming platform suddenly start offering NSFW videos?
There is a standard operating procedure for such simple acquisitions. As Giphy acquired Vidme and confirmed it would delete all videos, that’s precisely what happened.
Simply put, all the videos from Vidme disappeared. Hence, the iframes that once embedded the videos should have shown an empty frame. At the least, there should have been an error.
Does this count as a supply chain attack too? 😂 https://t.co/o66BPDguXe
— Catalin Cimpanu (@campuscodi) July 22, 2021
However, all the iframes started displaying NSFW videos because the vid.me domain once again changed ownership. Reports indicate vid.me domain’s ownership and/or registration updated this month.
It seems an adult video website owner grabbed the Vid.me domain, which the parent company allowed to expire. The company is now promoting its content on some of the most prominent and well-read news websites.
If you want to avoid this and run @The_Pi_Hole, pop:
(^|.)vid.me$
into the blacklist.
You could do similar with the hosts file on your computer:
127.0.0.1 https://t.co/UIjSk8hvFF https://t.co/grYNyKINMo
— Neil Brown (@neil_neilzone) July 23, 2021
Some website designers and domain name experts suggest purging any and all links to the defunct service. As for administrators, adding Vid.me to the network blacklist should help.
Regular internet users can block the Vid.me domain in their HOSTS file. Although a little complicated, it is the most effective way to block any and all unsuitable content.
As for the websites that suffered, it is quite likely their admins are scrubbing old articles to remove all traces of Vid.me.