WordPress was originally launched in 2003 by the WordPress Foundation. A completely free and open-source platform that is primarily used for online blogging, it's one of the most popular options available to the digital journalists of the Information Age. Many of its integrated apps and add-ons are also featured on traditional websites. The company currently maintains a presence – in one form or another – on more than 60 million sites.
But many of these sites were in for a rude awakening when they returned to their inboxes following the third weekend in January 2019. Not only did they receive a mysterious email from a former employee of one of WordPress' most trusted apps, but the app's primary website was also hacked and defaced with the same email message.
Introducing WP MultiLingual
The app in question, WPML, or WP MultiLingual, has proven to be a popular WordPress plugin ever since its debut in 2007. As it offers the ability to translate any WordPress site into multiple languages, it's used by hundreds of thousands of website and blog administrators. In fact, the plugin currently boasts 600,000 paying customers.
It's so popular that it doesn't even offer a free version in the WordPress repository – a common practice that many apps employ to convince users that their service is worth the investment. This is WPML's first major incident since its 2007 launch.
Developers at WPML were quick to dispute the email's claims. Although their website was hacked and the hacker did gain access to a web database containing customer names and email addresses, no further damage was done. According to WPML, the hacker never accessed any financial records.
However, the fact that the hacker accessed customer information means that all of these accounts are potentially compromised. Officials with WPML are urging their customers to change their passwords as soon as possible.
They were also quick to point out that the hacker never gained access to the original source code of the plugin, either. As such, individual customer sites were never in harm's way.
The Internal Dangers of Malicious Users
Although the damage appears to be minimal in this case, it highlights another critical issue with data storage and protection in the 21st century – insider threats and hackers. Although few details were released concerning the hacker's exact identity, it was confirmed that it was a former employee of WPML.
To ensure your data is protected from internal threats, remember the following points:
- Establish clear termination policies that include the immediate confiscation of work-related equipment and resources.
- Develop a password policy that mandates the use of strong passwords amongst all employees. Alphanumeric passwords that contain at least one uppercase and one lowercase letter are the hardest to crack.
- Ensure you have strong encryption in place. Always encrypt the most important data surrounding your company – including the personal information of your customers. While data breaches are one of the most common issues regarding data privacy in the 21st century, they can be absolutely devastating to the reputation and bottom line of a company.
To find out more information on WordPress, please visit their official website at www.wordpress.com.
Popular WordPress Plugin Hacked by Ex-Employee