Over the past few days, WooThemes has been looking into its servers investigating a possible breach of credit card data. Recent updates from the company show that a number of user accounts had indeed been compromised and their credit cards might have misused.
The whole issue started when fraudulent activities were committed on the credit cards of certain WooThemes users. This prompted the service to investigate whether a security vulnerability had somehow enabled hackers to access the data of the users.
As a result of the detailed investigation, WooThemes discovered three modified files stored on its servers. This hinted that the hackers had been able to breach the security and access and modify the server. The company then sent out a mass email to its users, asking them to respond if they have seen any suspicious activity on their credit cards.
In response, many users informed WooThemes of such instances. The responses showed that the scope of the hack was far larger than what the company previously thought. The company insists that it doesn’t store any credit card information and that the hack probably happened during the checkout time.
This episode is very worrying because it shows that even if an online service doesn’t store your credit card data, a hacker may still be able to intercept this data during the Checkout process. However, a hacker will still need server access in order to pull this off. And if online services can improve their server security and patch up any vulnerabilities, this may finally ward off similar incidents in the future.
It is important to note here that the security breach was limited to the Woothemes.com site alone. It doesn’t affect the WooCommerce plugin or any other offerings by the same company.