WooThemes hacked. Premium WordPress theme manufacturer warns of credit card leak

There’s potentially some rather bad news today if you are a customer of WooThemes, the popular WordPress theme manufacturer.

The first sign of a possible problem at WooThemes, was yesterday when the company’s code ninjas tweeted that it was “looking into issues” with its payment gateway.

Today, in a blog post, the company confirmed that it had received approximately 300 reports from customers of fraudulent credit card activity, most of which have occurred in the last five days.

Some users took to Twitter to tell the company that they had fallen victim.

WooThemes was at pains to underline that it doesn’t store any credit card details on its website, and that the security issue does not appear to involve a vulnerability in WooThemes-developed themes which are used by many popular WordPress websites.

In today’s blog post, and in an email sent to its 230,000 newsletter subscribers, WooThemes said that it had called in Sucuri to conduct a code and security audit, updated its SSL certificate, and changed its payment gateway to PayPal Express – taking all parts of the payment process completely offsite.

According to WooThemes, Sucuri identified three modified files on the company’s server which pointed towards an attack – although these have not yet been linked to the leaked credit card information. It would be great to know more information about what those files consisted of (were they malicious scripts, for instance?) but for now, no further information is forthcoming.

Some have speculated that although WooThemes does not store credit card information, details could have been intercepted in-transit as credit cards were used to make purchases.

Right now, WooThemes seems to be doing the right thing. It has called in experts to audit its systems and determine if any security holes exist, and taken preventative steps to prevent future visitors to its online store from being impacted.

Furthermore, it has informed its customers that there is a problem, told them to lookout for unexpected transactions on their credit cards, and promised to keep its blog post updated with further information as it becomes available.

As more and more companies do business online, criminals become ever more attracted to targeting them with attacks – hoping to grab credit card and personal information that could be later exploited for financial purposes.

Each and everyone of us has to be cautious about how we act online, and take care to check out credit card and bank transactions for unexpected activity which could signal we have fallen victim to a hack attack.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.