- Joined
- Sep 7, 2013
- Messages
- 8,060
- Reaction score
- 7,814
Hi all, I received this email from Aromaleigh - they are an indie makeup company and I have ordered from them before. I thought I would pass this along in case some of you have ordered from them in the past.
kudos to kristen for getting this message out there so quickly!
kudos to kristen for getting this message out there so quickly!
June 23, 2015
[PSA] 9:30 PM EST: SECURITY BREACHThe Aromaleigh website is currently down as of 8:31 PM, June 23rd. I am unable to access the site, or to process/ship orders, and you won’t be able to access your accounts, or the website either.
It appears that today (June 23rd), at around 6 PM EST ,aromaleighcosmetics.com was attacked by sophisticated hackers who successfully made it through my SiteLock Inc. security and installed a “drive by download” attack onto my database. What this attack did was force anyone loading the page to see a pop-up window alerting them that Flash was out of date, and needed to be updated. Upon clicking “OK”, a file called “adobe_FlashPlayer_8_12.exe” was downloaded. At this time, SiteLock is still looking into the exact details of the attack and what this malware was doing. I fortunately found out about the attack within hours of it occurring, and was able to immediately contact BlueHost and SiteLock and have my Woo Commerce/Wordpress site taken down.
This notice is difficult for me to write, as I'm both shaken up and upset that I’ve taken precautions to ensure customer security via SiteLock and Comodo SSL, but my site was still compromised. As a result of the attack, I am upgrading my security protocols via SiteLock to their highest level of service. It comes with considerable cost, but your security when shopping at Aromaleigh Cosmetics is of utmost importance to me and even though I am just a small, one woman company, I don’t feel that I can put a price tag on your security- which is why I am taking these steps as well as notifying you immediately of the security breach.
In discussing the situation with SiteLock, they explained that the goal of drive by download attacks is to get a downloaded piece of software onto the victim’s computer. If you downloaded this software, called “adobe_FlashPlayer_8_12.exe”, DO NOT OPEN IT. Throw it in the trash, secure empty your trash and run your virus protection software, if applicable. The malware is an .exe file which is written for PC’s. Apple computers should not be affected, but if you downloaded the file to your Mac as I did, DO NOT OPEN IT and immediately trash and secure empty the trash.
SiteLock does not believe that the goal of the malware was to access customer information, and I’d like to stress that Aromaleigh does not store any customer payment information on our server. Our payment is handled via Paypal and also Paypal Merchant Services for credit card payments. However, it would be wise to take precautions at this time and change your PayPal password, or watch your bank or credit card statements for any unusual activity.
I will do my best to answer any questions or concerns that you have, but I don’t have all the answers. This happened only hours ago and I’ve taken immediate action to close the site down and get notification out to you as soon as possible. SiteLock is currently investigating the situation, and is cleaning my website of all suspicious code, and installing the higher level security protocols.
I hope that this breach doesn’t impact any of you in any way, and I’m very sorry for any worry or inconvenience that this causes to you. For the next 48 hours, I won’t be able to access the website so I am unable to ship existing orders, or view customer data or ordering information. Once the website is up and running again, I will beemailing this notification personally, to each and every customer with a registered account.
I never imagined this would happen to my site, as I thought I had taken security precautions, but this can happen to anyone. As a consumer, you can verify the security and vulnerability of sites that you shop with via the website https://www.ssllabs.com/ Even with security precautions taken, and a grade of B+ on SSL Labs, my site was still taken down by hackers. I just want to stress the importance of checking the security precautions and potential vulnerability of any sites on which you share sensitive personal or financial information. Hackers don’t discriminate between large and small companies- I ship only about 250 orders per month and was still targeted.
In the interest of getting this posted as quickly as possible, I’m going to sign off now.
Sincerely,
Kristen Leigh Bell
Owner, Aromaleigh Cosmetics
