When pornographers hit AARP

Some big news happened a couple of weeks ago that seems to have gone by without much notice: the "online community" area of the American Association of Retired Persons (AARP) was hacked by pornographers and malware purveyors.

You can read about it here, with some additional analysis here. Note that the main enterprise AARP.org site -- which is driven by Day Software's Communiqué Web CMS -- was not compromised.

An ex-AARP developer tells me that this community application was custom code developed by a (now defunct) consulting firm. In retrospect, that choice appears a mistake. There are numerous established "white label" suppliers of these services, as well as social software "suites" that you can extend for external scenarios. As Enterprise Social Software Report readers know, none of these solutions are ideal, but all of them have had to emplace and update some fairly tough protection schemes.

Still, don't harp on AARP. They fixed the problem quickly, and their community site continues to function and attract new members. This could happen to any of us; AARP's site was a big target because of the Google link-juice it confers. Just remember that when you want to extend social computing services beyond the firewall, you have to prepare to encounter the three horsemen of any website apocalypse: performance, cost, and ...security.

Other Enterprise Collaboration & Social Software posts

Workplace by Facebook Revisited

Facebook and Google talk about new revenue streams but investors still consider them advertising companies, and you should too.