There is almost nothing more unnerving than finding out that your personal information has been stolen. Unfortunately, if you are a iThemes Account Holder, you likely received an email back in September regarding a security breach on iThemes’ server.
After noticing some suspicious activity on our server earlier today, we discovered a significant attack on our membership database. (Source)
Thankfully, the company quickly responded to the attack and asked all users to reset their passwords for precautionary measures; they also took the added precaution of doing a global reset all accounts on iThemes in order to protect their users from potential attack.
The Good News
If you’re an iThemes account holder, you can rest assured knowing that the company was able to confirm that no credit card or payment info was stolen. However, it is quite possible that the attacker(s) gained access to other information: usernames, passwords, email and IP addresses, and a few others.
Although the company has not been able to decipher whether or not the breach to their system did in fact result in the passwords of users being stolen, they have urged ALL users to update things immediately. Therefore, as a necessary precaution, if you are an iThemes holder, it is vital that you reset your password if you have not already done so.
The Bad News
Even though you can breathe easy knowing that your credit card information is safe, there are a couple things about this breach that could create a bit of a headache for iThemes users.
First off is the fact that the attackers may have gained the above mentioned information. If they did indeed obtain any of the information, then your need for password resets may reach further than just your iThemes account.
If you have been using your iThemes username or password on any other personal accounts (i.e. email accounts, social media, banking accounts, etc.), then you should undoubtedly change the information across those accounts, making sure that the new information entered is unique to each individual account.
The other bad news about this breach was finding out the way that iThemes had been storing account holders passwords’. Cory Miller, founder and CEO of iThemes, openly disclosed their misstep regarding security:
There is no easy way to say this: We were storing your passwords in clear-text. This directly impacted approximately 60,000 of our users, past and current. (Source)
According to Cory, the method of storing the passwords in plain text resulted in the information not being protecting the way they should have been. However, with the progression of technology, the company knew the danger of keeping things on this platform and had already started taking the steps to migrate the data to a more secure process — something that is much more difficult than Copy and Paste.
A Lesson in Honesty: A Company That Owns Up To Their Mistakes
Many iThemes users have expressed their frustrations regrading the breach and the seeming lack of security in iThemes data. However, the fact that the company quickly and openly admitted to their error is one that is sure to resonate in a world of companies that do nothing more then try and cover their butt when they make mistakes.
Everyone makes mistakes, but the fact that iThemes had the humility to own up to the ones made should solidify them as an honest business that does it’s best to treat its customers like real people and not just another faceless check in the bank.