SINGAPORE - The website of the graduate club National University of Singapore Society was temporarily taken down for less than 24 hours from Jan 11 midday due to a security issue, The Straits Times has learnt.

In an e-mail sent to members of the society on the same day, NUSS said that there was no indication of any impact on members’ data.

The NUSS website primarily serves as an information and engagement platform, providing access to society updates, events, facilities, dining offerings, and publications.

In response to queries from ST, an NUSS spokesperson added that checks had been completed and there were no signs of any data breach or unauthorised access to members’ information.

“It came to our attention that there were irregularities affecting the NUSS website around midday on Jan 11,” said the NUSS spokesperson, adding that the website was taken offline to facilitate necessary checks and revisions.

The spokesperson added that the website was up again in the morning of Jan 12. Checks by ST found that the website was already online at around 10am on that day.

“The irregularities on the website involved hidden content that appeared to link to other pages for search engine optimisation (SEO) purposes,” said the NUSS spokesperson.

Cyber-security experts said that the website, which is hosted on content management platform Wordpress, appeared to have been compromised. Threat actors could have exploited vulnerable plugins and form inputs to inject malicious links.

Outdated plugins or themes are the number one cause of cyber incidents on Wordpress, said Mr Aaron Ang, vice-president of non-profit organisation Digital Defence Alliance Singapore.

Some examples of outdated plugins include old versions of contact forms, event tools or e-commerce add-ons.

Mr Ang said that the threat actors could be conducting an SEO spam campaign, which works by compromising legitimate websites to inject hidden links or...