On February 6, I wrote a blog post regarding a possible security breach at BlogVault. Since then we have been conducting a thorough investigation into the issue. We have now concluded the investigation, and this post outlines its results.
No Data Breached
In our previous communication with you, we mentioned that there had been a data breach. After detailed investigation, we found that the issue was a vulnerability in the BlogVault plugin, and none of the data on our servers was exposed.
We made sure to cover every aspect of our system in our investigation, which involved inspecting the logs for our system as well as those of affected and unaffected sites. We also reviewed the attack payload in great detail.
BlogVault Plugin Vulnerability Fixed in Version 1.45
On Feb 4, we learned that we were using the PHP ‘unserialize’ function on unverified data in BlogVault plugin versions 1.40 to 1.44. We fixed it on the same day (Feb 4) with plugin version 1.45.
However, we had assumed the worst, and communicated with our customers the same day about the security issue. Following this, we also made a public announcement about it via a blog post.
Since then, we have thoroughly investigated the issue and analyzed our entire system. We have found that the above-mentioned vulnerability was the only entry point that allowed malware to be injected into sites on which the BlogVault plugin was reachable.
The BlogVault plugin has been secure ever since the updates in version 1.45.
However, we have continued to strengthen the security of our plugin, and as of the date on which this post is published, the latest version of the BlogVault plugin is 1.46. If your BlogVault plugin is older than 1.46, we request that you update to the latest version available in the WordPress repository (https://wordpress.org/plugins/blogvault-real-time-backup/).
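The class of issue described above, calling ‘unserialize’ on unverified data, is shown here next to one way of verifying the data first. This is an added example, not BlogVault plugin code, and the post does not say how version 1.45 fixed the issue; the function names, the per-site shared secret and the sample parameters are assumptions made for illustration.

```php
<?php
// Added illustration; not BlogVault plugin code. All names are hypothetical.

// Weak pattern: deserializes whatever bytes the request carries. PHP's native
// format can describe objects, so unverified input decides which classes are
// instantiated and which magic methods (__wakeup, __destruct) end up running.
function load_params_unverified(string $raw)
{
    return unserialize(base64_decode($raw));
}

// Hardened pattern: authenticate the bytes first, then decode without objects.
function load_params_verified(string $raw, string $sig, string $secret): ?array
{
    $expected = hash_hmac('sha256', $raw, $secret);
    // Constant-time comparison; reject before any parsing happens.
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    $bytes = base64_decode($raw, true);
    if ($bytes === false) {
        return null;
    }
    // allowed_classes => false maps any serialized object to
    // __PHP_Incomplete_Class instead of instantiating the named class.
    $data = unserialize($bytes, ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

// Constructed sample input (assumption: the secret is provisioned per site).
$secret = 'per-site-shared-secret';
$raw    = base64_encode(serialize(['action' => 'backup', 'since' => 1700000000]));
$sig    = hash_hmac('sha256', $raw, $secret);

// Case 1: payload and MAC match.
var_dump(load_params_verified($raw, $sig, $secret));
// Case 2: payload altered after signing.
var_dump(load_params_verified($raw . 'A', $sig, $secret));
// Case 3: MAC that was not produced with the shared secret.
var_dump(load_params_verified($raw, str_repeat('0', 64), $secret));
```

Using a format that cannot describe objects at all, such as JSON via `json_decode`, removes the object-instantiation risk even when a verification step is missed.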
Your data and backups are safe
As mentioned in our previous communication, your backups and data were safe and continue to be safe. They were never at risk. This includes:
- Your backups
- Your passwords
- Your payment details
Please find below the details of the measures we have taken during the investigation to bolster the security of our service:
Preventive Security Measures Implemented
As a reflection of our commitment to security best practices, we have taken a number of preventive security measures during the investigation to ensure that this incident doesn’t repeat itself.
- Updates made with versions 1.45 and 1.46 of the BlogVault plugin were a part of the measures to strengthen the security of the plugin.
- We have actively scanned all sites to identify websites affected by this issue and to get them cleaned and secured.
- We have also pushed an automatic update to the BlogVault plugin on most sites.
- Moreover, we have taken and continue to take measures to ensure that neither the BlogVault plugin nor the servers can be exploited.
Your Trust Continues to Be Important to Us
During this period, many of you have reached out to us via our chat channels, email or even Twitter. We realize that you have not received the level of service on which we pride ourselves, and for this we apologize.
At BlogVault we are committed to being transparent and accountable to you. I know that we had received some questions about details regarding the issue. We were unable to respond to them because we had prioritized the security of the affected sites of our customers. We also wanted to ensure that we would refrain from adding to any speculations and only communicate facts.
We have set up an FAQs page that addresses some of the questions you might have regarding the security issue (these are different from the FAQs we received at first), and addresses the measures we have taken to secure sites. Please find the link to this page here: https://blogvault.net/security-updates-faqs/
The security of your sites and your trust are of utmost importance to us at BlogVault. Please reach out to us with any further queries you might have.
You have been extremely understanding and generous to me and my entire team over this period, and we want to personally thank you for that.
Security is an ongoing process and we remain committed to making our service more robust.