Possible Stealing My Database Credentials

  • Resolved Terry J

    (@texasbiz)


    6 years, 3 months ago

    I got alerted (some days ago) that there is exact site cloned with all my info – right down to members database. Seems only way is if someone got my database credentials. Just paid for a full security audit and my server is secure, assured no way the hackers came in using server details.

    Is it possible they used Duplicator? I am told this is what happen but refuse to believe it. Surely you would have alerted all users it problem, right?

Viewing 1 replies (of 1 total)
  • Cory Lamle

    (@corylamleorg)

    6 years, 3 months ago

    Hi Terry,

    The issue your speaking of has been patched with the latest version. Unfortunately, there was a window in which the plugin had a vulnerability. In these scenarios it can be difficult to isolate the issue but if the plugin was the source of compromise we apologize!

    As with every company large and small security issues can happen. In the WordPress ecosystem, the only way to alert users is through plugin update notifications. Once we heard of the issue we had a patch within an hour and users should have gotten a notice to update the plugin. We made sure that the notice was visible in our changelog.

    With that said our team is doing everything possible to make sure this issue never happens again! If you happened to have a plugin like WordFence installed it would have been able to block the issue. We recommend on all public sites that users install the added security and enable auto-updates for plugins.

    Sincerely

    The Duplicator Team

Viewing 1 replies (of 1 total)

The topic ‘Possible Stealing My Database Credentials’ is closed to new replies.