1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WooThemes Hacked.

Discussion in 'BlackHat Lounge' started by Asif WILSON Khan, May 23, 2014.

  1. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Premium Member

    Joined:
    Nov 10, 2012
    Messages:
    10,112
    Likes Received:
    28,526
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    WooThemes hacked. Premium WordPress theme manufacturer warns of credit card leak

    http://www.hotforsecurity.com/blog/...ufacturer-warns-of-credit-card-leak-8578.html

    There?s potentially some rather bad news today if you are a customer of WooThemes, the popular WordPress theme manufacturer. The first sign of a possible problem at WooThemes, was yesterday when the company?s code ninjas tweeted that it was ?looking into issues? with
    its payment gateway .
    [​IMG]
    Today, in a blog post, the company confirmed that it had received approximately 300 reports from customers of fraudulent credit card activity, most of which have occurred in the last five days. Some users took to Twitter to tell the company that they had fallen victim. [​IMG]
    WooThemes was at pains to underline that it doesn?t store any credit card details on its website, and that the security issue does not appear to involve a vulnerability in WooThemes-developed themes which are used by many popular WordPress websites. In today?s blog post, and in an email sent to its 230,000 newsletter subscribers, WooThemes said that it had called in Sucuri to conduct a code and security audit, updated its SSL certificate, and changed its payment gateway to PayPal Express ? taking all parts of the payment process completely offsite. [​IMG]
    According to WooThemes, Sucuri identified three modified files on the company?s server which pointed towards an attack ? although these have not yet been linked to the leaked credit card information. It would be great to know more information about what those files consisted of (were they malicious scripts, for instance?) but for now, no further information is forthcoming. Some have speculated that although WooThemes does not store credit card information, details could have been intercepted in-transit as credit cards were used to make purchases. Right now, WooThemes seems to be doing the right thing. It has called in experts to audit its systems and determine if any security holes exist, and taken preventative steps to prevent future visitors to its online store from being impacted. Furthermore, it has informed its customers that there is a problem, told them to lookout for unexpected transactions on their credit cards, and promised to keep its blog post updated with further information as it becomes available. As more and more companies do business online, criminals become ever more attracted to targeting them with attacks ? hoping to grab credit card and personal information that could be later exploited for financial purposes. Each and everyone of us has to be cautious about how we act online, and take care to check out credit card and bank transactions for unexpected activity which could signal we have fallen victim to a hack attack.


    http://www.hotforsecurity.com/blog/...ufacturer-warns-of-credit-card-leak-8578.html
     
    • Thanks Thanks x 5
  2. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    787
    Likes Received:
    3,117
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    good thing we never pay for any of 'em! :D
     
  3. BuildMoreLinks

    BuildMoreLinks Jr. VIP Jr. VIP Premium Member

    Joined:
    Jun 7, 2012
    Messages:
    1,910
    Likes Received:
    655
    Location:
    17.3660° N, 78.4760° E
    damn a lot of sites are getting hit recently, Ebay was also hit a couple of days back.
     
  4. judif414

    judif414 Regular Member

    Joined:
    Feb 25, 2013
    Messages:
    488
    Likes Received:
    438
    At least they're more transparent than ebay.
     
  5. AmateRasu

    AmateRasu Power Member

    Joined:
    Nov 12, 2013
    Messages:
    755
    Likes Received:
    423
    Location:
    Manila,Philippines
    I heared that ebay was backed feb. 2014 annd it was revealed few days ago
     
  6. srinu0812

    srinu0812 Supreme Member

    Joined:
    Nov 1, 2012
    Messages:
    1,311
    Likes Received:
    755
    Exactly, they tried to convey what's happening. Not the regular dialogue given out by companies :p
     
  7. JasonS

    JasonS Jr. VIP Jr. VIP

    Joined:
    Sep 15, 2012
    Messages:
    2,989
    Likes Received:
    912
    Home Page:
    That is why I always avoid direct CC transactions on the Internet. Everything can be happen with any big company.
    Paypal is most safest way for online transactions.
     
  8. techblog

    techblog Jr. VIP Jr. VIP

    Joined:
    Feb 12, 2013
    Messages:
    1,222
    Likes Received:
    383
    Occupation:
    Freelancer
    Location:
    Email Server
    i trust VCCs more than paypal.
     
  9. Aluminium

    Aluminium Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 5, 2013
    Messages:
    1,543
    Likes Received:
    874
    Gender:
    Male
    Occupation:
    High-Quality Content Provider
    Location:
    Canada
    Home Page:
  10. obiwan010

    obiwan010 Newbie

    Joined:
    May 24, 2014
    Messages:
    7
    Likes Received:
    2
    Thanks for the heads up we have 3 sites running Woo Themes!
     
  11. mindlesswizard

    mindlesswizard Supreme Member

    Joined:
    Sep 3, 2010
    Messages:
    1,359
    Likes Received:
    282
    Occupation:
    Designer/Developer, Internet Marketer
    Location:
    in the shade of Everest
    damn ! not a good news since i also run a theme business :(