13 Comments


  1. After having been caught up as a customer by the Target and Adobe hacks, I can sympathize with WooThemes. It’s becoming apparent that the hackers are able to get into a lot of supposedly secure systems, not just WooThemes. I look forward to WooThemes recovering from the attacks and moving forward from this.

  2. mtibesar

    Just another WooThemes drama story. Sure glad I abandoned them after the first security incident.


    1. Why did you abandon them? Was it because the security incident happened in the first place or was it their response to the incident or something else? Just curious.


      1. Sorry Jeff Chandler – didn’t see your reply right away. I abandoned them because they didn’t have backups of our accounts and critical data which then caused weeks of havoc for us customers and their staff – unbelievable incompetence in my book!


  3. Nasty, if the card details are not stored on their system, the data must have been captured in real time similar to the Target attack which scraped the memory of the server. I would have thought that they would have used a method to monitor changed files, but with an attack of this level, it is not that easy.
    I would be completely furious if I had been ripped off by thousands of dollars.

    I left WooThemes about 4 years ago when they told me that they never tested any of their themes on a server where they could check the errors to see if the theme generated errors. That coupled with the fact that their address seems to be a PO Box in South Africa put me off their products. But such is life, I am a British National living and working in Asia.

    1. littleguy

      I don’t think the attack was very sophisticated – you punched in your credit card numbers on their homepage, and THEN they sent it to the payment provider. So all I have to do is write a little code to send the CC number to me, and that’s it. Not very sophisticated.


    2. It’s speculation but it seems like some sort of man in the middle attack was going on. I wonder how many numbers were compromised.


  4. WooThemes are the victim of the crime here as well as us. It’s a shame people rush to judge and shout at WooThemes. They have been transparent and professional in dealing with this.


    1. Because they are a technology-oriented company, used by technologically-oriented people, they face extra scrutiny and are held to a higher standard of responsibility, however fair or unfair that may seem.


    2. I’ve always judged a company based on (A) How it happened and (B) their response and explanation as to what they are going to do or have done to prevent it from happening in the future. WooThemes has done both and although they’ve lost some consumer confidence, you can’t ask much more from them.

  5. Martin

    This is interesting, May 9th my bank cancelled my credit card due to fraudulent activity. Two small charges went onto my VISA card and the bank said the two payments were probably test payments to check the card, then larger charges would probably be made. The bank picked up the two payments right away because I mainly only used PayPal for card transactions on that card, WooThemes credit card payments for WooCommerce extensions went on it as well.

    I only got an email about this WooThemes hack incident yesterday!

    Wonder how much WooThemes will profit off this hack incident thanks to the affiliate links for 1Password in their notice email… sure it’s a 50% discount, I doubt they would advertise 1Password without making something from it? Poor taste imo.


  6. I wonder if anyone at WooThemes has ever used 1Password? I struggled with the paid version on several devices for three months and then threw in the towel. I now use LastPass which is sooooooo much better!


  7. WooThemes should be held to a higher standard. They’re a technology company with a leading WordPress ecommerce product and they didn’t address a hack that occurred not just over a few hours or days, but over several months on a timely basis.

    We got stung for $2400 in fraudulent charges. It happened so fast we detected it before our bank did. While we’re sure we won’t incur those expenses, we aren’t being compensated for time put into completing claims paperwork along with loss of credit for 7-10 workdays.

    Pardon the indignation, but the 50% discount on WooThemes products through the end of May is laughable and isn’t apology enough for the inconvenience we’ve experienced.

