iThemes Suffers Security Breach, Customers Urged To Reset Passwords

iThemes LogoiThemes published details on a security breach that took place earlier today. According to the announcement, after noticing suspicious activity, they noticed a signification attack on their membership database. iThemes urges all customers to reset their passwords immediately. To protect accounts from any unauthorized access, iThemes has temporarily reset all user passwords. To regain access to your account, you’ll need to reset your password.

The attackers could gain access to the following customer data:

  • Username
  • Password
  • Email address
  • First and last name (if you set it)
  • IP address
  • The names of products you purchased
  • Coupon codes you might have used
  • Access times
  • Payment receipt information (but no other payment info)

Since a third-party payment processor is used, credit card information is not at risk of being obtained. iThemes is working to figure out how the attack happened, ensure the security of the rest of their servers, and make sure the site is safe for visitors to browse. The team has outlined a three-step process towards accomplishing these tasks.

  • We are performing a review / audit of our Information Technology (IT) Stack
  • We are performing a review / audit of our Products and their code base
  • We are reviewing and updating our Security Incident Response and Detection procedures

iThemes is partnering with security service company, Sucuri, to help with the discovery process. The CEO of iThemes, Cory Miller, concluded the announcement with the following statement.

I deeply apologize for this event. Security is a staple of the service and products we provide and I assure you we will do everything we can to analyze, understand how this occurred and seek to prevent it from happening again.

Know that your personal information is of the utmost priority to me and if you have any questions or concerns, please let us know.

Although no business owner wants to go through an experience like this, I give kudos to iThemes for being upfront and honest with their customers instead of waiting for days. If you’re an iThemes customer, please make the effort to change your password as soon as possible.


20 responses to “iThemes Suffers Security Breach, Customers Urged To Reset Passwords”

    • @Webdesinz – this only pertains to your account on – assuming you have one. If not then there’s no need to worry, if so then you’ll want to change your password there.

      Also worth pointing out, if you do have an ithemes account and you use the same password for your wp login, (or anywhere else on the web, to be honest) you’ll definitely want to change that as well.

  1. Kuddos to the iThemes team for being so quickly proactive on this issue. Unfortunately no matter how much or how little security is on a site, this just goes to show that no site is ever 100% secure. That is the first lesson in security. While I am sure we will never know how the got in or exactly what was compromised, I have full faith that they will fix the breach.


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.