What Happened?
The attack was carried out from Iran. It was made possible by a breach of the credentials of one of our super administrators. After gaining administrator access, the hacker downloaded all registered email addresses. He also changed the login code to capture the passwords of all users who log into the website.
After a deep study of the logs and access records, we believe that the hacker was not able to access any private messages or information. His purpose was to obtain our customers' email addresses and our products.
As soon as we found suspicious activity on our website, we started a full investigation.
- We identified all the contaminated files and cleared them.
- We identified the customers whose credentials have been breached, and we have started contacting these customers to reset their passwords.
- We also identified the super admin whose password was misused.
- We have improved the overall security of the credentials of all employees.
- We have generated new credentials for all third-party services, e.g. AWS, Mandrill, Digital Ocean, CloudFlare. We also restricted their usage policies.
- We have isolated our own network from any communication that originates outside the network.
We are not the only ones who suffered this attack; many other websites in the Joomla world have been hacked.
Are you worried about your account? No, you need not panic.
You should follow these steps to secure your digital identity:
- Change your password at readybytes.net: All customers are requested to change their passwords immediately to prevent hackers from accessing their accounts at readybytes.net. You can reset your password at http://www.readybytes.net/register.html?view=reset
- As a precautionary measure, we have reset the passwords of all customers who recently logged in to our website. They must choose new passwords.
- If you are not able to reset your password, contact us with your purchase details so we can verify and reset your password.
- Customers who use the same password for other services are recommended to change it as soon as possible to safeguard their accounts at other services such as Facebook, Twitter, etc.
- We are sure that the hacker did not access this, but for safety reasons we suggest you also change your site credentials if you have sent them to us in the past.
Security & Future
We are incredibly sorry that this has happened and affected you and your company. We have identified the gaps in our security system and have covered these lapses.
We have improved our technology and security practices since the beginning of the company, and today we already follow many security mechanisms. We take personal data and information security very seriously.
Our first steps forward for security:
1. We have implemented two-step login, i.e. two-factor authentication (2FA), for our site’s backend (by which we can prevent this loophole), and very soon we will provide more security options to our customers as well.
2. We have now restricted access to our site backend to our office network only, with no access for any outsider.
We are going to publish more information on this as we learn more.
The system has resumed and security has been increased following this incident. You can use all the services again as normal. We again apologize for the disruption this has caused to you and your company.
Please ask us any questions in the comments below, or email us at [email protected]