Lenovo's no good, very bad week of security may be getting worse -- Lenovo.com appears to have been hacked, likely in response to the Superfish scandal. This afternoon some visitors trying to access the site instead get a slideshow of webcam pics of kids sitting at their computer, along with a link to a Twitter account claiming to represent the hacker group Lizard Squad -- all set to the sounds of "Breaking Free" from High School Musical. The HTML code says this "new and improved rebranded" site is featuring Ryan King and Rory Andrew Godfrey -- two people that some internet posters have identified as members of Lizard Squad.
Update: It gets worse -- Lizard Squad's DNS hijack meant it was able to intercept Lenovo email as well, until Cloudflare shut it off. Ars Technica spoke to the company, which said it seized the account used and was able to update the MX records used for email to cut off the email interception. One message apparently caught claimed that Lenovo's Superfish removal tool had bricked a customer's Yoga laptop. That may not be the end though, as the group claims it will be combing through the "dump" of captured data soon.
Update 2: Security researcher Brian Krebs reveals that the two people named have actually been working to expose Lizard Squad, and that a hack at a Malaysian domain registrar was the source of the redirect.