Breach, Data Security

iThemes users asked to change passwords following attack

WordPress themes, plugins and training provider iThemes is asking all customers to reset their passwords following an attack on its membership database.

In a Tuesday post, Cory Miller, CEO of iThemes, wrote that attackers may have compromised usernames, passwords, email addresses, first and last names, IP addresses, names of purchased products, coupon codes, access times, and payment receipt information. Payment card information was not affected.

In a follow-up Thursday post, Miller wrote that passwords were being stored in cleartext and that 60,000 past and current users were directly impacted.

Migration is the primary focus right now – notably management and storage of passwords and other data. An audit of the IT stack, as well as products and code bases, will be performed in the coming days. iThemes is also reviewing and updating security incident response and detection procedures.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.