One of the largest multilingual plugins in WordPress, WPML, was breached this weekend when customers received an email claiming the plugin released sensitive information.

The email encouraged customers to check their databases and passwords and not rely on the plugin’s customer service to fix the problem.

A tweet sent out on Sunday claims the hacker was an ex-employee using a backdoor. It says the plugin itself wasn’t compromised but customers should change their account passwords.

WPML posted a blog that same night saying the site has been secured, “This email was sent from an intruder who got into our site and used our mailer. Obviously, that message was not sent from us. If you received such an email, please delete it. Following links in hacked emails can cause additional problems.”

The post goes on to allege the hacker used an old SSH password and a backdoor he left for himself to carry out the attack.

The WPML team assured customers that:

“WPML plugin running on your site does not contain this exploit. Your payment information was not compromised (we don’t store it). The intruder does have your name and email and might have access to your account at WPML.org. The intruder indeed stole the sitekeys, but they are of no use. The sitekeys allow your site to get updates from wpml.org. The intruder cannot push any changes to your site using these keys.”

The company urges customers to update WPML passwords but assures that the plugin itself wasn’t part of the attack.

Emily Schiola

Emily Schiola is the Editor of Torque. She loves good beer, bad movies, and cats.

The post WPML Breached, Allegedly by Former Employee appeared first on Torque.