HSE Site hacked

onedmc · 08-02-2026 09:40PM #1

I was trying to register for E111 card and up comes the chrome message. Clearly not a legitmate message on what is the correct site. Is this common on HSE links

Spear · 08-02-2026 09:45PM

I can't get that to appear on either that site, or any other HSE site. Do you really have a version as old as 121 installed?

bennyx_o · 08-02-2026 09:52PM

Can't get that message to appear either. OP, can you confirm if you are using Chrome version 121?

Mr.Crinklewood · 08-02-2026 09:55PM

Getting similar on Dolphin in the phone.

Chrome is fine.

cakedrive · 08-02-2026 09:55PM

Oh they are making a call to browser-update.org which is iffy because that tool could have been embedded into their own build process. Hosting it themselves. I don't love that a govt health site is calling out to a 3rd party domain that may not stay registered in the future (look at how politics.ie expired).

Spear · 08-02-2026 09:56PM

I've found other examples of that message, and there were pointing to a dodgy browser-update.org link, but were being injected by a dodgy extension usually.

Dublin Calling · 08-02-2026 09:59PM

motortax.ie was giving a security certificate error earlier on today. It then started working, but was giving other errors when you got to the credit card page.

Spear · 08-02-2026 10:16PM

So I've also found others claiming it's an community site and a bit of embedded code to do this, which is indeed present in the mymedicalcard.ie site.

So it's not a scam, your browser probably is just ancient.

irishgeo · 08-02-2026 10:24PM

https://www.boards.ie/discussion/2058432365/hse-site-hacked

This is the code.

/** * See http://browser-update.org/ for more info * * Will show a banner alert urging user to upgrade their * browser if they are running one of the following: * * - IE/Edge <= 10 * - Firefox <= 25 * - Opera <= 12.1 * - Safari <= 7 **/ var $buoop = {c:2}; function $buo_f(){ var e = document.createElement("script"); e.src = "//browser-update.org/update.min.js"; document.body.appendChild(e); }; try {document.addEventListener("DOMContentLoaded", $buo_f,false)} catch(e){window.attachEvent("onload", $buo_f)}</script></main><link rel="modulepreload" href="chunk-KKZOMRQT.js"><link rel="modulepreload" href="chunk-3WTGDV2Q.js"><link rel="modulepreload" href="chunk-KIYHF3S2.js"><link rel="modulepreload" href="chunk-NFLKI3W2.js"><link rel="modulepreload" href="chunk-MV7USRPP.js"><link rel="modulepreload" href="chunk-EPGHIZQJ.js"><script src="polyfills-SCHOHYNV.js" type="module"></script><script src="main-Q6FO5L4Z.js" type="module"></script></body></html>

onedmc · 08-02-2026 10:59PM

My browser is up to date. And if it wasnt I dont believe that this is the error that comes. The offending error seem to be gone now as I can no longer recreate it. And no I didnt update my browser😄

Mr.Crinklewood · 08-02-2026 11:12PM

https://www.boards.ie/discussion/comment/124219101#Comment_124219101

Same

Spear · 08-02-2026 11:24PM

https://www.boards.ie/discussion/comment/124219101#Comment_124219101

They may have broken it briefly, and caused a false positive. But the site and bit of code it uses are legit, even if it does look dodgy on first sight.

HSE Site hacked

Comments