There’s potentially some rather bad news today if you are a customer of WooThemes, the popular WordPress theme manufacturer.
The first sign of a possible problem at WooThemes, was yesterday when the company’s code ninjas tweeted that it was “looking into issues” with its payment gateway.
Today, in a blog post, the company confirmed
that it had received approximately 300 reports from customers of fraudulent credit card activity, most of which have occurred in the last five days.
Some users took to Twitter to tell the company that they had fallen victim.
WooThemes was at pains to underline that it doesn’t store any credit card details on its website, and that the security issue does not appear to involve a vulnerability in WooThemes-developed themes which are used by many popular WordPress websites.
In today’s blog post, and in an email sent to its 230,000 newsletter subscribers, WooThemes said that it had called in Sucuri to conduct a code and security audit, updated its SSL certificate, and changed its payment gateway to PayPal Express – taking all parts of the payment process completely offsite.