WPML -- the plugin which supports multilingual websites in WordPress was hacked yesterday, said sources. Along with the breach, WPML users were sent spam emails regarding the site’s security.
WPML employee Amir Helzer said in a blog post that it was allegedly the work of a former employee. On the other hand, Helzer has mentioned that the attacker did not steal any confidential information such as login details and payment information.
Playing Smoke and Mirrors
A tweet by a WPML user showed the email’s message. At a glance, the attacker used the site’s mailer service to send emails and has cited ‘ridiculous security holes’ in the email. Also, the email advises users to stop using sensitive information and to make frequent backups.
It seems that the former employee/attacker took a dig at the company not providing a ‘100% hack proof” software, and criticized the site’s offerings such as its product plans and support service.
WPML fixes the site immediately
After many users reported this email, WPML responded with a fix by revamping the site. One of its employees Amir Helzer informed this in an official blog.
“We updated wpml.org, rebuilt everything and reinstalled everything. We secured access to the admin use 2-factor authentication and minimized the access that the web server has to the file system. These are more precautions than an actual response to the hack."
Moreover the official blog stated that, "Our data shows that the hacker used inside information (an old SSH password) and a hole that he left for himself while he was our employee. This hack was not done via an exploit in WordPress, WPML or another plugin, but using this inside information.”