WooThemes Continuing To Investigate Reports Of Fraudulent Activity

WooThemes is continuing to investigate a handful of reports of fraudulent activity on customers’ credit card accounts. The company worked with Sucuri who conducted a code audit and discovered three modified files on their server pointing toward an attack. WooThemes has published a blog post explaining the steps they’ve taken to prevent this incident from occurring in the future.

Mark Forrester made it clear in the announcement that the company doesn’t store any credit card details on the site, nor does WooCommerce, which increases the difficulty in identifying the problem. Although many of the reports are from customers who have made a purchase within the last 8 days, cards that were used in January have also been reported as compromised.

WooThemes Credit Card Featured Image
photo credit: 401(K) 2013cc

Some customers are experiencing upwards of $10,000 in fraudulent activity. In a recent thread on Reddit, some questioned whether WooThemes is trying to sweep this attack under the rug. Forrester said they understand the community’s frustration and are frustrated as a company as this was a criminal attack on their business. He also went on to say:

We really hope the general opinion is not that we are quietly avoiding this, and hoping it will blow over. We’ve been as forthcoming with information as we can be at this stage. We’ve answered as many press questions as we can, and we’ve updated our blog post with any new information as we get it.

There are many parts to this puzzle, many service providers, and many investigations internally and with authorities and financial institutions. Pointing fingers without supporting evidence is dangerous. We accept the fact that if you hadn’t shopped at WooThemes this would have probably not happened to you, and that makes us really sad. Our brand is known for excellent customer service, and this does not gel with that mantra.

We hope to bounce back stronger, but we realize we might lose some customer’s confidence along the way.

As a precautionary measure, WooThemes has reset their customer’s passwords. So far, 1,000 cases of fraudulent activity have been reported with reports drastically slowing down since May 9th.

This Is Not The First Time WooThemes Has Had Security Troubles

Two years ago almost to the day, WooThemes suffered a major attack that took out their database as well as the content on their server. The backups were deleted as were traces of the attack. The details regarding the attack were never published although the company said they would be, “Long story short, as we’ll save the juicy details for another blog post”.

Although WooThemes has done a good job keeping everyone informed about this latest security problem via their blog, they’ll need to explain to the public what happened in order to help customers regain confidence in doing business with them.

What Should You Do?

Customers should keep an eye on their credit card statements and report fraudulent activity to their financial institution. You should also contact WooThemes so they can add the report to their investigation.

13 Comments


  1. After having been caught up as a customer by the Target and Adobe hacks, I can sympathize for WooThemes. It’s becoming apparent that the hackers are able to get into a lot of supposedly secure systems, not just WooThemes. I look forward to WooThemes recovering from the attacks and moving forward from this.

    Report


  2. Just another WooThemes drama story. Sure glad I abandoned them after the first security incident.

    Report


    1. Why did you abandon them? Was it because the security incident happened in the first place or was it their response to the incident or something else? Just curious.

      Report


      1. Sorry Jeff Chandler – didn’t see your reply right away. I abandoned them because they didn’t have backups of our accounts and critical data which then caused weeks of havoc for us customers and their staff
        – unbelievable incompetence in my book!

        Report


  3. Nasty, if the card details are not stored on their system, the data must have been captured in real time similar to the target attack which scraped the memory of the server. I would have thought that they would have used a method to monitor changed files, but with an attack of this level, it is not that easy.
    I would be completely furious if I had been ripped off by thousands of dollars.

    I left WooThemes about 4 years ago when they told me that they never tested any of their themes on a server where they could check the errors to see if the theme generated errors. That coupled with the fact that their address seems to be a PO Box in South Africa put me off their products. But such is life, I am a British National living and working in Asia.

    Report


    1. I don’t think the attack was very sophisticated – you punched in your credit card numbers on their homepage, and THEN they sent it to the payment provider. So all I have to do is write a little code to send the CC number to me, and that’s it. Not very sophisticated.

      Report


    2. It’s speculation but it seems like some sort of man in the middle attack was going on. I wonder how many numbers were compromised.

      Report


  4. WooThemes are the victim of the crime here as well as us. It’s a shame people rush to judge and shout at WooThemes. They have been transparent and professional in dealing with this.

    Report


    1. Because they are a technology-oriented company, used by technologically-oriented people, they face extra scrutiny and are held to a higher standard of responsibility, however fair or unfair that may seem.

      Report


    2. I’ve always judged a company based on (A) How it happened and (B) their response and explanation as to what they are going to do or have done to prevent it from happening in the future. WooThemes has done both and although they’ve lose some consumer confidence, you can’t ask much more from them.

      Report


  5. This is interesting, May 9th my bank cancelled my credit card due to fraudulent activity. Two small charges went onto my VISA card and the bank said the two payments were probably test payments to check the card, then larger charges would probably be made. The bank picked up the two payments right away because I mainly only used PayPal for card transactions on that card, WooThemes credit card payments for WooCommerce extensions went on it as well.

    I only got an email about this WooThemes hack incident yesterday!

    Wonder how much WooThemes will profit of this hack incident thanks to the affiliate links for 1Password in their notice email… sure it’s a 50% discount, I doubt they would advertise 1Password without making something from it? poor taste imo.

    Report


  6. I wonder if anyone at WooThemes has ever used 1Password? I struggled with the paid version on several devices for three months and then threw in the towel. I now use LastPass which is sooooooo much better!

    Report


  7. WooThemes should be held to a higher standard.They’re a technology company with a leading WordPress ecommerce product and they didn’t address a hack that occurred not just over a few hours or days, but over several months on a timely basis.

    We got stung for $2400 in fraudulent charges. It happened so fast we detected it before our bank did. While we’re sure we won’t incur those expenses, we aren’t being compensated for time put into completing claims paperwork along with loss of credit for 7-10 workdays.

    Pardon the indignation, but the 50% discount on WooThemes products through the end of May is laughable and isn’t apology enough for the inconvenience we’ve experienced.

    Report

Comments are closed.