2 min read

WooThemes hacked. Premium WordPress theme manufacturer warns of credit card leak

Graham CLULEY

May 09, 2014

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
WooThemes hacked. Premium WordPress theme manufacturer warns of credit card leak

There’s potentially some rather bad news today if you are a customer of WooThemes, the popular WordPress theme manufacturer.

The first sign of a possible problem at WooThemes, was yesterday when the company’s code ninjas tweeted that it was “looking into issues” with its payment gateway.

Today, in a blog post, the company confirmed that it had received approximately 300 reports from customers of fraudulent credit card activity, most of which have occurred in the last five days.

Some users took to Twitter to tell the company that they had fallen victim.

WooThemes was at pains to underline that it doesn’t store any credit card details on its website, and that the security issue does not appear to involve a vulnerability in WooThemes-developed themes which are used by many popular WordPress websites.

In today’s blog post, and in an email sent to its 230,000 newsletter subscribers, WooThemes said that it had called in Sucuri to conduct a code and security audit, updated its SSL certificate, and changed its payment gateway to PayPal Express – taking all parts of the payment process completely offsite.

According to WooThemes, Sucuri identified three modified files on the company’s server which pointed towards an attack – although these have not yet been linked to the leaked credit card information. It would be great to know more information about what those files consisted of (were they malicious scripts, for instance?) but for now, no further information is forthcoming.

Some have speculated that although WooThemes does not store credit card information, details could have been intercepted in-transit as credit cards were used to make purchases.

Right now, WooThemes seems to be doing the right thing. It has called in experts to audit its systems and determine if any security holes exist, and taken preventative steps to prevent future visitors to its online store from being impacted.

Furthermore, it has informed its customers that there is a problem, told them to lookout for unexpected transactions on their credit cards, and promised to keep its blog post updated with further information as it becomes available.

As more and more companies do business online, criminals become ever more attracted to targeting them with attacks – hoping to grab credit card and personal information that could be later exploited for financial purposes.

Each and everyone of us has to be cautious about how we act online, and take care to check out credit card and bank transactions for unexpected activity which could signal we have fallen victim to a hack attack.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read