Templatic Hacked, Files and Databases Compromised

Templatic, a WordPress commercial theme company, reported on Saturday, April 30th, that its site was hacked. Files and databases containing customer usernames and passwords were compromised. According to R. Bhavesh, founder of Templatic, the data is being held for ransom money.

The hacker is now threatening us via email and demanding ransom money be paid. This hacker is also threatening to misuse the data they’ve illegally gained access to and email our data to customers.

While this is a very serious and dangerous threat, we are not going to give in to threats and we will not be negotiating with any hacker and that’s no matter how much they try.

Bhavesh is working with local authorities and security experts who are investigating the matter. Since transactions on Templatic are handled directly by PayPal or 2Checkout, hackers were not able to obtain credit card information.

Customers Should Immediately Change Their Passwords

If you’ve ever shared cPanel, FTP, or wp-admin, login credentials with Templatic, you should immediately change your passwords. If you are using a product that relies on the Tevolution plugin and haven’t updated yet, you should do so immediately.

Customers are advised to ignore emails sent from Templatic, “The email we sent today is the last email we will send regarding this matter. Anything further, we will share it on our social mediate accounts at twitter, facebook and our official blog here,” Bhavesh said.

Customers are also advised to create a full backup of their sites and use a free site scanning tool to scan for unknown files. Bhavesh apologized for what happened and says he accepts full responsibility, “I take up the responsibility of this and I sincerely apologize to each single one of our customers. We assure you that we are taking best security measures and fight this, no matter what.”

Would you like to write for WP Tavern? We are always accepting guest posts from the community and are looking for new contributors. Get in touch with us and let's discuss your ideas.

24 Comments


  1. Makes sense when I started getting fake emails from wordpress theme companies I never heard about and never signed up for. WPLab (xyzwplab at gmail.com> Something about EngineThemes.

    Report


  2. Thanks for the heads up, Jeff. I (unfortunately) saw it here first. As a customer of Templatic (several years ago) I’d think I would’ve heard it from them. Guess not.

    Report


    1. Have you changed email addresses since then? They emailed all their customers on the 30th.

      Report


      1. Negative. Spam perhaps.

        Report


    2. I apologize. I have personally sent email to each one of our customers who ever registered on our site (purchased a product or not). I don’t know why it didn’t reach to you. We also announced this on our social media first, then did a full blog post.

      Report


      1. I have to say, the first I heard of this was through WP Tavern. No emails whatsoever, and I am an active user of Directory and currently receiving fairly regular support.

        Report


  3. This is scary. Templatic is behind a WAF and still it was hacked? Or perhaps they secured their site with Sucuri WAF only after the hack?

    Report


  4. we will share it on our social mediate accounts

    should be

    we will share it on our social media accounts

    Report


  5. I sincerely hope Templatic shares the how and why of this incident as well as the recent security vulnerabilities in their products, so everyone else can learn from it and avoid a similar fate for themselves and their customers.

    Report


      1. We will do the right thing and would love to share. Right now, coping up with “after hack cleanup and maintenance”

        Report


    1. It would be great to share the three-tier architecture of your hosting environment before the incident happened. You may also include things like security patches and software updates roll-out approaches in-place to keep your server secure and up-to-date.

      Report


  6. Templatic :: System Details: Running on: Sucuri/Cloudproxy

    They already have the sucuri protection and still they have been hacked.

    Report


    1. Sucuri is not at fault. We were not using sucuri when the hack happened.

      Report


  7. This reminds me of all the times companies have asked me to share FTP/SSH credentials via their support systems and wondered why I refused to hand them over. If details like that are going to be shared, they need to be deleted immediately so that these sorts of problems can not occur.

    Report


    1. You are right Ryan,

      Customers however have different level of technical knowledge. Sometime, they don’t even know what a theme or plugin is. We ask for FTP in order to speed up the issues they are facing instead of making them go through the technicalities (which frustrates them very quickly).

      Downside is that things like this can happen. At the moment we are using Groove.com SaaS helpdesk so no issues there. But our old helpdesk did have some tickets there.

      Report


      1. But you could just (fully) delete them straight away. Then the data would not be stored in the database and only fresh data could be compromised at least.

        Report


      2. I have used LastPass for many years and on my mobile phone too.

        A very smart server admin introduced me to it and suggested I use it to share my login credentials with his company.

        LastPass has the ability to share login credentials without letting the password be seen by the person you’re sharing it with, you can see in their logs if the credentials have ever been used, and the share can easily be revoked.

        Works for me and I bet it would work for most people here too.

        Report


  8. This is too sad. I hope those affected customers didn’t use the same password as their financial account password.

    Report


  9. The link to the “free site scanning tool” mentioned in the post sends you to Sucuri who scans you site and never ever finds a firewall, even if you have one. Point being is that Sucuri wants to sell it’s services, so I am suspicious about the results. I guess the author should’ve suggested a truly free service not out to sell stuff.

    Report

Comments are closed.