WPML Alleges Former Employee Breached Website and Took Customer Emails – WordPress Tavern

January 21, 2019
in WP Tavern

Over the weekend, many WPML customers received an unauthorized email from someone who claimed to have hacked the company’s website and gained access to customer emails. WPML founder Amir Helzer suspects that the attacker is a former employee.

“The customer is an ex-employee who left an exploit on the server (not WPML plugin) before leaving. Besides fixing the damage, we’ll also be taking legal actions,” Helzer said Saturday night.

The WPML team worked around the clock over the weekend to secure their systems and sent out an email informing customers of the incident. They also assured customers that the WPML plugin does not contain an exploit and that payment information was not compromised. The company published an announcement to their website, detailing the incident and their response:

We updated wpml.org, rebuilt everything and reinstalled everything. We secured access to the admin using 2-factor authentication and minimized the access that the web server has to the file system.

These are more precautions than actual response to the hack. Our data shows that the hacker used inside information (an old SSH password) and a hole that he left for himself while he was our employee.

This hack was not done via an exploit in WordPress, WPML or another plugin, but using this inside information. In any case, the damage is great and it’s done already.

WPML urges customers not to click on any links in the email the attacker sent out and recommends they change their passwords for wpml.org. The attacker has customer names, emails, and sitekeys, but WPML said the sitekeys cannot be used to push changes to customer websites.

Helzer is convinced that the attack was an inside job and suspects two former employees. He and his team are working to provide evidence to the authorities. He said the nature of the attack demonstrates that it was likely not an outside hacker:

  • The first time our site was breached was on the day we fired an employee, who had access to our servers. We didn’t identify the breach at that time. However, once we got hacked, we analyzed the original hole and we found in our log when it was placed (yup, he deleted the log, but he didn’t delete the backup). Now that we finished cleaning up the mess, we’re going through all logs and collecting the full evidence.
  • The attacker targeted specific code and database tables that are unique to our site and not generic WordPress or WPML tables.
  • The attacker crafted the attack so that it would cause us long-term damage and not be apparent at first sight. That long-term damage is very difficult to guess without knowing our business objectives and challenges. This is information that our employees have, but we don’t disclose.

The idea that a former employee who is known to the company would risk performing these illegal actions is difficult to grasp, even in the case of someone who was fired and may have been acting in retaliation. The risks of being caught seem too great.

“In many jurisdictions including the USA, this is jail time,” Wordfence CEO Mark Maunder said. “So I find it quite incredible that an employee would leave a backdoor, use it to deface their site, steal their data and email all subscribers. This is the infosec equivalent of walking into a police precinct and tagging the wall while the cops watch.”

Helzer said the incident should serve as a wakeup call for companies that employ remote workers. It highlights the importance of having procedures in place for revoking employee access to all systems used as part of day-to-day operations.

“We have to admit that our site was not secured well enough,” Helzer said. “If someone previously had admin access and stopped working for us, we should have been more careful and avoided this situation.

“This can be a wakeup call for others. We talk a lot about the benefits of remote work and most of the WordPress industry works remotely. This made us realize that we need to be a lot more pessimistic when we allow any access to our system.

“For example, the fact that we’re now coding for ourselves a requirement to log in with 2FA means that we’re not alone in this exposed situation.”

The attacker’s unauthorized email and WPML’s response email went out over the weekend, so many customers will be learning of the incident today when they return to work. Helzer said customers have been supportive so far.

“I think that customers appreciate the fact that we contacted them as fast as we could and we dropped everything and ran to handle this,” he said. “I think that we’ll still have damage. Clients did not run away from us right now but a good reputation is something that you build over years. A nasty incident like this stays ‘on your record.’ This is our livelihood and we take it seriously.”
