EllisLab, a software development company, has urged all its users to change their passwords after hackers gained unauthorized access to its servers on March 24 this year.
According to the company’s statement, it has asked people to change their EllisLab.com passwords as a precaution, in case the hackers stole the personal information of members registered at EllisLab.
The company said that new users can also remove their accounts from the site. This is a must for anyone who has sent a password via plaintext email instead of using the company’s secure form.
Because the company’s form encrypts passwords and removes them after 30 days, it is believed that those encrypted passwords would only be available to the hackers if they were submitted after February 24, 2015.
Similarly, people who have used their EllisLab.com password on other sites should change it there too.
The company asked people to change their passwords periodically and to enable two-factor authentication whenever available. It also recommends tools that simplify the creation and use of unique passwords.
It is said that the hackers used a Super Admin’s stolen password to log in to the company’s site. The hackers then uploaded a common PHP backdoor script (a WSO Web Shell variant) that allowed them to control the company’s server.
The company wrote that Nexcess hosting prevented the "privilege escalation" attempt. After alerts about the malicious activity, the unauthorized access was shut down at the firewall level.
In its blog post, the company also thanked Nexcess for its alertness and speed.
The officials then started dissecting the server logs to retrace the hackers’ steps and learn how they got access. They wrote that they had gone through all their files to remove what the hackers added.
The attackers had access to the server for three hours. Although the evidence does not show that the database was stolen, the company prefers to be cautious and assume the hackers had access to everything.