The credit card information of 300 individuals is at risk following a substantial data breach at WooThemes, a provider of custom WordPress themes.
Customers reported around 300 cases of credit card fraud to WooThemes in the days leading up to May 9. WooThemes then notified users that three modified files had been found on the server and used to intercept payment details – likely during the checkout process. A number of security practices were put in place in response.
A security audit was carried out, along with a full review of the host and payment gateway. The SSL certificate was updated and the payment gateway was changed to a third party provider.
"It must be made clear that we do not store any credit card details on our site, nor does WooCommerce, which makes this investigation that much more difficult to pin point," a spokesperson from WooThemes explained.
"To be on the safe side we urge all customers to check their cards for any fraudulent activity and letting both us and your bank know if you discover any unusual charges."
The number of security breaches occurring on a regular basis should serve as a warning as to the importance of undertaking adequate security measures. Ethical hacking can be used to safely identify potential weak points in security processes.