EllisLab Servers Hacked

Hackers gained unauthorised access to EllisLab servers and may have obtained personal information relating to members registered at EllisLab.com, according to the latest blog post from the developer of professional content management system ExpressionEngine.

Hackers somehow managed to steal a super administrator’s credentials and then uploaded a common PHP backdoor script that allowed them to access EllisLab servers without requiring authentication. Since the attackers routed their connection through the Tor network, their identity and location are unknown.

EllisLab’s web hosting provider Nexcess discovered the incident on March 24 and then immediately shut down access at the firewall level. 

Derek Jones, CEO of EllisLab, wrote, "The attackers had approximately three hours of access to the server. While evidence shows it is unlikely that they stole the database, we prefer to be cautious and assume they had access to everything."

That may include your username, screen name, email address, salted and hashed password, member profile data, billing name, address and the last four digits of your credit card.

All users are therefore advised to change their passwords as soon as possible.
