
Popular WordPress plugin hacked by angry former employee

January 20, 2019
in Internet Security

A very popular WordPress plugin was hacked over the weekend after a hacker defaced its website and sent a mass message to all its customers revealing the existence of supposed unpatched security holes. In a follow-up mass email, the plugin’s developers blamed the hack on a former employee, who also defaced their website.

The plugin in question is WPML (or WP MultiLingual), the most popular WordPress plugin for translating and serving WordPress sites in multiple languages.

According to its website, WPML has over 600,000 paying customers and is one of the very few WordPress plugins that is so reputable that it doesn’t need to advertise itself with a free version on the official WordPress.org plugins repository.

But on Saturday, Eastern Time, the plugin faced its first major security incident since its launch in 2007.

The attacker, who the WPML team claims is a former employee, sent out a mass email to all the plugin’s customers. In the email, the attacker claimed he was a security researcher who had reported several vulnerabilities to the WPML team, which were ignored. The email [1, 2, 3, 4, 5] urged customers to check their sites for possible compromises.

But the WPML team vehemently disputed these claims. Both on Twitter [1, 2] and in a follow-up mass email, the WPML team said the hacker is a former employee who left a backdoor on its official website and used it to gain access to its server and its customer database.

WPML claims the hacker used the email addresses and customer names he took from the website’s database to send the mass email, but he also used the backdoor to deface its website, leaving the email’s text as a blog post on its site [archived version here].

Developers said the former employee didn’t get access to financial information, as they don’t store these kinds of details, but they didn’t rule out that he could now log into customers’ WPML.org accounts as a result of compromising the site’s database.

The company says it’s now rebuilding its server from scratch to remove the backdoor and resetting all customer account passwords as a precaution.

The WPML team also said the hacker didn’t gain access to the source code of its official plugin and did not push a malicious version to customers’ sites.

The company and its management weren’t available for additional questions regarding the incident. It is unclear if they reported the employee to authorities at the time of writing. If the company’s claim is true, there is little chance of the former employee escaping jail time.

This is the infosec equivalent of walking into a police precinct and tagging the wall while the cops watch.

— Mark Maunder. (@mmaunder) January 20, 2019
