Security Alert – iThemes account breach

TLDR: If you have an iThemes account (for “Backup Buddy,” “SecurityPro,” or their other plugins or themes), change your password now. If you use those same credentials at other sites, change those passwords now as well.

iThemes, a WordPress theme and plugin development company, announced a security breach on Tuesday, and followed up with more details about that breach yesterday.

Basically, the company noticed strange things happening with one of their servers, took a closer look, and saw evidence of a compromise. That’s not that big of a deal; it’ll happen to all of us at some point.

Here’s the thing that kills me, though; that makes me want to bang my head against a wall:

“There is no easy way to say this: We were storing your passwords in clear-text. This directly impacted approximately 60,000 of our users, past and current.

“Yes, those credentials were used across our entire platform, from our iThemes membership login to your iThemes Sync login.”

There is absolutely zero reason for any company — much less a tech company — to be storing passwords in clear text. That’s a solved problem. There are off-the-shelf solutions for it.

This is so damn frustrating.

The one good thing here is that iThemes’ founder and CEO Cory Miller has been pretty upfront about things. That’s good, but it’s also the door from a barn that’s been destroyed by a tornado. …if you get my drift.

