Templatic, a WordPress commercial theme company, reported on Saturday, April 30th, that its site was hacked. Files and databases containing customer usernames and passwords were compromised. According to R. Bhavesh, founder of Templatic, the data is being held for ransom money.
The hacker is now threatening us via email and demanding ransom money be paid. This hacker is also threatening to misuse the data they’ve illegally gained access to and email our data to customers.
While this is a very serious and dangerous threat, we are not going to give in to threats and we will not be negotiating with any hacker and that’s no matter how much they try.
Bhavesh is working with local authorities and security experts who are investigating the matter. Since transactions on Templatic are handled directly by PayPal or 2Checkout, hackers were not able to obtain credit card information.
Customers Should Immediately Change Their Passwords
If you’ve ever shared cPanel, FTP, or wp-admin, login credentials with Templatic, you should immediately change your passwords. If you are using a product that relies on the Tevolution plugin and haven’t updated yet, you should do so immediately.
Customers are advised to ignore emails sent from Templatic, “The email we sent today is the last email we will send regarding this matter. Anything further, we will share it on our social mediate accounts at twitter, facebook and our official blog here,” Bhavesh said.
Customers are also advised to create a full backup of their sites and use a free site scanning tool to scan for unknown files. Bhavesh apologized for what happened and says he accepts full responsibility, “I take up the responsibility of this and I sincerely apologize to each single one of our customers. We assure you that we are taking best security measures and fight this, no matter what.”
Makes sense when I started getting fake emails from wordpress theme companies I never heard about and never signed up for. WPLab (xyzwplab at gmail.com> Something about EngineThemes.