The technique believed to be used is a well-established one for plucking low-hanging fruit of the Internet. Computers all over the world, unknowingly infected with malware, formed a "botnet" doing the group's bidding. Each time a computer visited a site, it attempted a "SQL injection," in which items like search and comment fields are filled with code meant to force the site's database to spit out its contents. Such vulnerabilities are well known and fairly easily fixed, but thousands of websites clearly have yet to do so. NBC News contacted Hold Security for details but has not yet received a response.
Copyright 2016 Nexstar Broadcasting, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.