WPTavern: BlogVault Security Breach Infects Customer’s Sites With Malware
photo credit: Anonymous Account Code – (license)
BlogVault, a real-time backup and migration service with a WordPress plugin that’s active on more than 20K sites, announced over the weekend that it suffered a security breach that exposed data. Akshat Choudhary, founder of BlogVault, explains that some customer sites were accessed without authorization and were infected with malware.
BlogVault is contacting customers whose sites are affected and removing malware to secure the data. According to Choudhary, all backups generated by BlogVault are safe. FTP, login credentials, and payment related data is safe. The service doesn’t store credit card information as payments are processed through Stripe.
The service has carried out a series of security precautions including, updating the plugin to 1.45, resetting passwords for all customer accounts, and is meticulously analyzing its systems. Customer passwords were encrypted, making them difficult to retrieve.
BlogVault is sharing information about the breach as it becomes available. “We understand that it can be frustrating for you; as it is for us, to not have all the information,” Choudhary said. “We aim to be comprehensive in our response to the issue. Once we have safeguarded our customers’ data, and our investigation is complete we will be able to share more details.”
Customers are encouraged to update the BlogVault plugin to 1.45 as soon as possible and to keep an eye on the service’s security updates page for new information.