14 DAY TRIAL // WooThemes, the developer of popular WordPress themes, appears to have suffered a data breach. The company has become aware of around 300 cases of fraudulent activity with customers’ credit cards.
The company first announced experiencing issues with its payment gateway on May 7. At the time, it informed customers that they would not be able to make purchases until the issue was fixed.
According to a blog post published by the company on Friday, the matter is being investigated. WooThemes is trying to find a pattern for the fraudulent activities.
“Almost all fraudulent transactions have occurred in the last 5 days. With most customers already informed by their banks and transactions blocked or cards cancelled,” Mark Forrester, the co-founder of WooThemes, explained in the blog post.
“Whilst the fraudulent activity has happened in that period, the actual transactions on WooThemes do (in a very small number of cases) go back to the beginning of the year. This doesn’t add up and further audits are being conducted.”
In the meantime, the company has called in security firm Sucuri to conduct a security audit. So far, Sucuri has identified three modified files on WooThemes’ server that point to an attack.
“It can not be said this is the reason for any leaked credit card information, and investigations continue. To be on the safe side we urge all customers to check their cards for any fraudulent activity and letting both us and your bank know if you discover any unusual charges,” Forrester wrote.
The company highlights the fact that it does not store any payment card information in its systems, so the attackers couldn’t have got it from them directly. One possible scenario, according to Forrester, is that the information was somehow intercepted in the checkout process.
On Twitter, the company has clarified that this isn’t related to a code vulnerability in the WooCommerce e-commerce solution, but an attack on its website.
All of the company’s 230,000 newsletter subscribers have been notified. In addition, WooThemes has requested a full review from its host and payment gateway, and it has updated its SSL certificates.
While the incident is being investigated, the firm has moved its payment gateway to PayPal Express.
The company promises to provide more information on the incident as it becomes available. In the meanwhile, a number of users have complained on Twitter about fraudulent activities on their cards. Fortunately, most report that the unauthorized transactions have been detected in time.