A critical U.S. government domain dedicated to vaccine information has been compromised, now serving AI-generated spam content instead of public health resources. The website, operated by the U.S. Department of Health and Human Services (HHS), has been redirected or defaced to host unauthorized material, signaling a significant security lapse in federal digital infrastructure.
Persistent Security Breach
Evidence from archived snapshots indicates that the site has been hosting this unsolicited content—primarily LGBTQ+-themed posts—since at least May 12, according to historical web data. While the exact identity of the perpetrators remains unknown, the incident mirrors past attacks where official government domains were seized to propagate scam advertisements and illicit hacking services.
Part of a Massive SEO Spam Operation
The breach is not an isolated incident. Reports from 404 Media confirm that the HHS vaccines portal is merely one node in a sprawling, sophisticated spam network. This operation has successfully compromised high-authority domains belonging to major institutions, including NPR, Nvidia, and Stanford University.
The “Wowlazy” Connection
Affected websites are being weaponized to redirect traffic toward “wowlazy.com,” a destination characterized by nonsensical, AI-generated SEO spam. This tactic leverages the high domain authority of government and academic sites to manipulate search engine rankings, funneling unsuspecting users into a malicious ecosystem.
Lack of Official Response
Despite the severity of the intrusion on a federal health resource, the Department of Health and Human Services has yet to issue a formal statement or respond to requests for comment regarding the timeline for recovery and the scope of the vulnerability.