Establishing Digital Trust: Don't Sacrifice Security for Convenience
The WordPress themes provider WooThemes recently announced on its website and notified its 230,000 newsletter subscribers that several cases of fraudulent activity had been reported on its customers' credit cards (h/t SC Magazine).
Following the announcement, almost 1,000 WooThemes customers reported that they had experienced credit card fraud.
The company hired Sucuri to conduct a code and security audit, and according to WooThemes, three modified files were found on the company's server, "pointing towards an attack."
Because WooThemes doesn't store credit card details, the company said in a statement, "We believe these sophisticated criminal hackers had intercepted some credit card details between checkout and our off site credit card processor."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Customers who made purchases between November 27, 2013 and May 8, 2014 appear to be affected.
As a precaution, WooThemes has changed its payment gateway to PayPal Express, and has reset all customer passwords.
"There is no evidence that shows any signs of WooCommerce code vulnerabilities," the company stated. "If our further investigation show any insecurities in our products, we will of course take immediate steps."