The WPML site was hacked on Saturday, January 19, 2019, causing loss of clients’ data. The WPML team rebuilt the site, and it is now back in a working state. WPML customers received an unauthorized email from an intruder who got into the site and used its mailer. WPML founder Amir Helzer suspects a former employee of carrying out this attack.
“The customer is an ex-employee who left an exploit on the server (not WPML plugin) before leaving. Besides fixing the damage, we’ll also be taking legal actions,” Amir Helzer said at
WPML wants such emails to be deleted, as the links in the hacked emails can cause additional problems.
Steps that WPML has taken so far
- Updated wpml.org
- Rebuilt everything
- Reinstalled everything
- Secured access to the admin using 2-factor authentication
- Minimized the access to the file system
“This hack was not done via an exploit in WordPress, WPML or another plugin, but using this inside information. In any case, the damage is great and it’s done already.” (WPML)
Some of WPML’s clarifications for its clients
They also clarified the following:
- The WPML plugin running on clients’ sites does not contain this exploit.
- Clients’ payment information was not compromised (They don’t store it).
- The intruder has clients’ names and emails and might have access to their accounts at WPML.org.
- The intruder did steal the sitekeys, but he (the intruder) cannot push any changes to clients’ sites using these keys.
WPML apologizes for being responsible for this mess and recommends that all clients reset their accounts at wpml.org. They advise clients not to follow links in emails, as the attacker may still be sending emails to trick clients. Instead, open a browser, type in https://wpml.org and log in.
This is a wake-up call for everyone running such a business online. Regardless of what platform your website is on, you may face such an attack if you don’t pay attention to these risks and don’t take security measures. What they did after the breach should have been done beforehand. Be aware of changes to your website. This is not only about your company: your clients’ sites might also be affected. So, be careful.