20 Comments

  1. Sam Hotchkiss

    Can we get any information on how the passwords were stored? Were they in plain text, hashed, salted and hashed?

    Report

  2. Webdesinz

    thanks for this info. I only have a free ithemes plugin and was able to get into my site, with my wordpress login, is this because I dont have the premium version?

    Report

    • Jimmy Smutek

      @Webdesinz – this only pertains to your account on ithemes.com – assuming you have one. If not then there’s no need to worry, if so then you’ll want to change your password there.

      Also worth pointing out, if you do have an ithemes account and you use the same password for your wp login, (or anywhere else on the web, to be honest) you’ll definitely want to change that as well.

      Report

  3. Brenda

    THIS, is how you handle notification/management of breaches. PROPS TO CORY MILLER AND THE TEAM.

    Report

  4. brodyross2014

    i guess that I themes security plugin in is not so great after all

    Report

  5. Rick

    Wait… they stored passwords as plain text?

    Report

  6. Michele Butcher

    Kuddos to the iThemes team for being so quickly proactive on this issue. Unfortunately no matter how much or how little security is on a site, this just goes to show that no site is ever 100% secure. That is the first lesson in security. While I am sure we will never know how the got in or exactly what was compromised, I have full faith that they will fix the breach.

    Report

  7. ANTi-CAP

    Oh my……. and they even have a security app out if I’m not mistaken. WP = EASY TARGET.

    Report

  8. Achin

    The users must be horrified knowing that their info is being hacked.

    Report

Comments are closed.

%d bloggers like this: