F5.5G Leap-forward Development of Broadband in Africa The Africa Broadband Forum 2024 (BBAF 2024) was successfully held in Cape Town, South Africa recently, under…
WooThemes hopes security breach, 1 000 fraudulent cases, will make it ‘even stronger’
WordPress Theme and Plugin provider, WooThemes, announced last week that it had received reports of fraudulent activities on customers’ credit cards. An update to an official blog post on 12 May confirmed that there had been close to 1 000 fraudulent cases reported, but these reports have drastically slowed down.
After the attacks were brought to WooThemes’ attention, the company set out to determine the origin of the vulnerability. After updating its SSL certificate, requesting a full review by its host and payment gateway, and contacting Sucuri (which handles WooThemes’ code and security audit) the company found three modified files on its servers “pointing towards an attack.”
The company announced that it had moved its payment processing to PayPal Express as a precautionary measure.
What appears to be one of the earliest reports came from a Thomas Ciccarelli who sent Ventureburn this message:
WooThemes.com — 3 days ago there was a leak of credit card data, and they didn’t tell anyone. I’ve had over 10k in charges on the two cards I have on file with them. They haven’t told their customers to warn them. This news needs to be made public so people can protect themselves and I just want to prevent this from happening to anyone else.
Here was my correspondence with support.
Thomas * May 08 18:54 Two credit cards that I have used on your system has ended up with credit card fraud. One card was only used on this website. It was a brand new card. I have read online that your checkout is not secure. You have cost my business thousands of dollars and time I can never recover. I will be reporting your company to the credit companies for further investigation.
Hi Thomas, I’m very sorry to hear that your card has been used fraudulently! We have had a few reports today of similar issues from other customers. You should contact your CC company and cancel the cards and report the fraudulent transactions if you haven’t already done so. The common practice is that they will not charge you for the fraudulent transactions, and issue you a new card. We take this very seriously and we are investigating this with our hosting provider and security experts, along with our current payment gateway. We will let you know once we have more information on this issue. Sorry for the inconvenience! Regards, Magnus Jepson Co-Founder
The scammers who used my credit card information decided to book hotel rooms in Paris under their real names and use their personal email addresses. The hotel was nice enough to disclosed the booking information to me. facebook/ajibola.moshood.10 facebook/ademosu.akintundemoses
WooThemes states that it is analysing all reported fraudulent transactions to try and determine a pattern. The blog post confirms that “almost all” fraudulent transactions occured in the last five days and most customers had already taken the necessary actions to block or cancel their cards through their banking institutions.
WooThemes co-founder Mark Forrester told Ventureburn that investigations are ongoing and inconclusive.
“Our investigations have been extensive, as have the audits and technical analyses by Sucuri, our payment gateway, and our host. We have not left a stone unturned and actioned some drastic precautionary security measures. Financial institutions and the authorities continue their investigations,” he adds.
WooThemes stresses that it does not store any credit card details and believes that the “information was potentially intercepted in the checkout process.” Regardless the company has reset all customer passwords as a precautionary measure, Forrester tells Ventureburn.
There have been no reported vulnerabilities in WooThemes’ flagship WooCommerce plugin, its themes or extensions which will be a relief to both the company and its customers. Forrester confirms that the attack was on WooThemes.com itself; so the company has moved product downloads as a precautionary measure.
WooThemes customers would do well to wait until the results of the investigations are complete, and report any fraudulent activity to WooThemes support via email or on Twitter to help with its investigation. WooThemes recommends that customers keep an eye out for suspicious transactions on their account — “whilst banks are often quick to pick up and block/cancel cards, you can never be too cautious,” adds Forrester.
WooThemes has a loyal and active community of customers which has largely shown its support for the company via social media channels:
@duncanmacgregor Really hope your card info wasn’t compromised either, just keep us/your card issuer informed if you see anything. ^RR
— WooThemes Support (@WooSupport) May 10, 2014
“…our transparency and speed at which we’ve reacted, coupled with the amazing support from our community means we’ve come out of this testing chapter with scars, yet no life threatening conditions. We’re determined to make WooThemes even stronger.”