WooThemes Database has been Compromised Usernames, Passwords and Credit
On May 9, 2014 it came to light that the popular WordPress theme provider WooThemes had been compromised. This does not come as a big surprise with the recent Heartbleed bug. The WooThemes hacks proves yet again the massive security flaws and dangers we face in all facets of the internet.
Users Report the Initial Breach
A user going by the name of GiantTitan posted the following on Hackernews:
“WooThemes.com — 3 days ago there was a leak of credit card data, and they didn’t tell anyone. I’ve had over 10k in charges on the two cards I have on file with them. They haven’t told their customers to warn them. This news needs to be made public so people can protect themselves and I just want to prevent this from happening to anyone else.
Here was my correspondence with support.
Thomas * May 08 18:54 Two credit cards that I have used on your system has ended up with credit card fraud. One card was only used on this website. It was a brand new card. I have read online that your checkout is not secure. You have cost my business thousands of dollars and time I can never recover. I will be reporting your company to the credit companies for further investigation.
Hi Thomas, I’m very sorry to hear that your card has been used fraudulently! We have had a few reports today of similar issues from other customers. You should contact your CC company and cancel the cards and report the fraudulent transactions if you haven’t already done so. The common practice is that they will not charge you for the fraudulent transactions, and issue you a new card. We take this very seriously and we are investigating this with our hosting provider and security experts, along with our current payment gateway. We will let you know once we have more information on this issue. Sorry for the inconvenience! Regards, Magnus Jepson Co-Founder
The scammers who used my credit card information decided to book hotel rooms in Paris under their real names and use their personal email addresses. The hotel was nice enough to disclosed the booking information to me. facebook/ajibola.moshood.10 facebook/ademosu.akintundemoses”
Over the past 3 days we have had a handful of reports of fraudulent activities on customer’s credit cards. We take these matters very seriously and immediately investigated each case to try and determine any pattern and the severity of any potential breach.
It must be made clear that we do not store any credit card details on our site, nor does WooCommerce, which makes this investigation that much more difficult to pin point.
Steps we’ve taken:
- We contacted Sucuri who have conducted a code & security audit
- We requested a full review by our host and payment gateway
- We updated our SSL certificate
- As a pre-cautionary measure we changed our payment gateway to a completely offsite payment method – being PayPal Express.
After further investigation WooThemes made a statement saying:
“Sucuri discovered 3 modified files on our server pointing towards an attack. It can not be said this is the reason for any leaked credit card information, and investigations continue.”
WooThemes of course advises that all users promptly change their passwords of all accounts with similar passwords. They also suggested that users monitor there credit cards over the next few weeks.
Technology has been growing exponentially over the past several decades. It does seem however that application and software security is not quite on par with the darker realms of the web.