BrowserStack takes service offline as it deals with hacked infrastructure

A web service that enables developers to test the rendering of websites on different browser platforms has fallen victim to hackers.

Browserstack confirmed its infrastructure had been compromised in a tweet yesterday evening, and said it was "currently sanitising entire BrowserStack, so service will be down for a while. We're on top of it and will keep you posted," according to a short statement.

JotForm founder, Aytekin Tank, noticed the problem. In a post on Medium, he said that he had received an email purporting to be from BrowserStack claiming the service was closing down.

The email claimed the firm had "no firewalls in place, and our password policies are atrocious. All virtual machines launched are open to the public, accessible to anyone with the alpha password."

It wasn't until earlier this morning that BrowserStack took to Twitter once more and said the hacker's access "was restricted solely to a list of email addresses".

The firm said it would carry out a post-mortem in the wake of the attack to prevent the same thing happening again. "Currently efforts are focused on getting the service back on track, and protecting user interests," the firm said in another tweet.

The service itself uses virtual machines to enable devlopers to test their apps on 11 different operating systems and over 700 versions of various browsers.

Tank said the problem would be a good opportunity for BrowserStack to "take security more seriously, and improve things permanently".

"They should fully and publicly admit any mistakes they have made and tell users what steps they will take to improve things, and they should then follow it through. Things might suck at the beginning but the end result would eventually be a win for both BrowserStack and their users," said Tank.