- Should I delete the BlogVault plugin for now?
We have already updated the BlogVault plugin with additional security measures. Please install the latest version of BlogVault, from the WordPress plugin repository.
- Will performing an Auto Restore help?
If you’re facing issues, do not Auto Restore. Please get in touch with us. You can contact us via the chat channel on any page of our website, or via the BlogVault dashboard. We will be able to fix the issues on your site.
- What was the security concern?
A breach resulted in a small portion of sites being accessed without authorization. Further analysis showed that malware was injected. We learned about the data being exposed just over 48 hours ago.
- Have you identified all the malware? How did you manage to identify the malware?
We have been tracking changes to files since we learned of the exploiting and looking at them. We have used advanced scanning systems and we are fairly confident that we were able to identify malware accurately. We will update any changes we find on this page along with notifying you.
- Are you helping customers clean up their sites?
Yes, we are. We have already removed all the instances of malware we have identified so far. We are treading cautiously and are continuing to screen the sites. We will share updates accordingly. If your web host has suspended your site due to malware then please contact us. We will help fix the issues on the site.
- Why was there a delay in disclosing the breach?
As we mentioned, the injected malware meant that some of our customers’ sites were being suspended by web hosts. We wanted to ensure that our customers’ data; both the backups and the websites were secure, and back on track.
What about my data?
- Are my backups safe?
Yes. All of your backups are safe; and have not been compromised.
- Are my WordPress admin credentials safe?
Yes, they are. We do not store WordPress credentials of any site credentials of any site. Hence there was no risk to them.
- I used my SFTP credentials to migrate/restore my site via BlogVault. Should I change them?
No. We do not store SFTP credentials of any site. Hence there was no risk to them.
- I used my credit card to pay for BlogVault’s services. Are my payment details safe?
Yes, your payment details are safe. We DO NOT store any of your credit card information or payment details. They are processed via Stripe, which uses the best security practices, and is completely safe.
What do I do now?
- What actions should I take now?
i. If your web host has suspended your account then please contact us. We have identified the issue, and we will help you resolve it.
ii.We cannot stress this enough– Please update to the latest version of BlogVault.
iii. Also, as a preventive step we have reset the BlogVault account password for our entire customer base. In order to access your BlogVault account, you will need to enter a new password. (Please note that all your BlogVault account passwords were encrypted and none of them were stored in plain text.)
Questions About BlogVault
- I thought BlogVault was secure, is that not the case?
BlogVault is committed good security practices and we have always attempted to adopt security best practices. However we continue to learn and grow.
We have undertaken a detailed analysis of the issue and we are learning from the data we are seeing. We have taken the opportunity to further solidify our security systems.
We continue to work in the best interest of our customers & partners and we hope your faith in our service continues.