*IMPORTANT* TroikaTronix Website Hack & Your Passwords -- Everyone Must Read

mark

Dear All,

As you may have seen earlier today (Nov 22, 2019) our main website was hacked through an exploit of Wordpress. We have consulted with the experts who manage our website and as far as we can tell this was an automatic exploit that simply retargeted our Wordpress pages to external websites. We have no indication that sensitive user data like your passwords were accessed, but there is at least some possibility data could have been exposed. Here is what we know:

FORUM: This forum (community.troikatronix.com) is on a separate server so it could not have been accessed during the hack. However, there was some lingering data from the OLD forum we replaced three years ago. If the password you use here is the same password you used in the old forum from three years ago, there is a small possibility it could be comprimised.

PLUGINS PAGE: We have no indication that the hackers accessed the passwords stored with the Plugins area (troikatronix.com/plugin/) of our website. But, because it is managed under Wordpress, there is a possibility those passwords could be comprimised.

TICKET SYSTEM: The ticketing system is a totally different system. It could not have been vulnerable to this attack.

LICENSE PORTAL: The license portal for Isadora 3 licenses is a a totally different system. It could not have been vulnerable to this attack.

RECOMMENDATIONS: While we know it's a hassle, we feel its best to be extra cautious. If you created a password for the Plugins section (i.e., troikatronix.com/plugin/) you should change it immediately. If the password you use here in this forum (community.troikatronix.com) is the same password you used in the old forum from three years ago, then you should also change this password immediately.

If you used either of these passwords on other sites (including the ticketing system or license portal), then you should change your password on those sites as well.

(You should also start using unique passwords for every site you access; as many of you know, is a very bad practice to reuse passwords.)

We take the security of your data very seriously at TroikaTronix. We are sorry for any inconvenience this has caused you, but we wanted to be as transparent as possible as quickly as we could.

We are still analyzing how this hack was accomplished. We will let you know if we have further concerns that require your attention.

Best Wishes,
Mark + The Troika Tronix Team

jfg

[EDIT: THIS HAS BEEN FIXED]

I cannot download plugin anymore. I get a webpage with following text:

Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /usr/www/users/troika/troikatronix.com/wp-content/plugins/types/vendor/toolset/types/embedded/includes/wpml.php on line 646

Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /usr/www/users/troika/troikatronix.com/wp-content/plugins/types/vendor/toolset/types/embedded/includes/wpml.php on line 663

Warning: Cannot modify header information - headers already sent by (output started at /usr/www/users/troika/troikatronix.com/wp-content/plugins/types/vendor/toolset/types/embedded/includes/wpml.php:646) in /usr/www/users/troika/troikatronix.com/wp-content/themes/troikatronix/download_plugin.php on line 32

Warning: Cannot modify header information - headers already sent by (output started at /usr/www/users/troika/troikatronix.com/wp-content/plugins/types/vendor/toolset/types/embedded/includes/wpml.php:646) in /usr/www/users/troika/troikatronix.com/wp-content/themes/troikatronix/download_plugin.php on line 33

Warning: Cannot modify header information - headers already sent by (output started at /usr/www/users/troika/troikatronix.com/wp-content/plugins/types/vendor/toolset/types/embedded/includes/wpml.php:646) in /usr/www/users/troika/troikatronix.com/wp-content/themes/troikatronix/download_plugin.php on line 34
PK �\'OJump By Name Plugin/UXRX�]�zs]�
PK�\'O.Jump By Name Plugin/READ ME - Installation.rtfUXRX�]�zs]�
mS]k�0}���o��d��|t�B���%��؋^[��ؒ��:i�ߕ��{�{��9��+նL(�F�%o�I:Ii�r�\i����t���蕖JZ{�iIhiza-�i�-�o�~�V�l��\�J#tA5/�Ʉ5��%���E[�r�'�=!!���<#�a�X'ِi�=�� ���V��IȂ8.]P{��W�a�i2�a>wa<%.dc�������2r��PK��s���
PK �\'OJump By Name Plugin/Macintosh/UXRX�]�zs]�
PK �\'O4Jump By Name Plugin/Macintosh/Jump By Name.izzyplug/UXRX�]�zs]�
PK �\'O=Jump By Name Plugin/Macintosh/Jump By Name.izzyplug/Contents/UXRX�]�zs]�
PK �\'OCJump By Name Plugin/Macintosh/Jump By Name.izzyplug/Contents/MacOS/UXRX�]�zs]�
PK�\'OOJump By Name Plugin/Macintosh/Jump By Name.izzyplug/Contents/MacOS/Jump By NameUX�zs]�zs]�
�[kpU��Ldf&�ڈ�A�Ð"
E2&���1 �Ep���dz��~��]0V��̦*��r�ҵj�P����j��,�.Q�!�ֺ��j5�e�ni�.̞��N�A�c�l��t���{ι�{���m�>�م9�p�?\Up� d�P� ��2Bb����=�b�g�`��r��,y�ʋ��;rS���B�>2\c1Ӳ��Y��YC�{0W��g�����XRVӲ1�=�M�� ���L�P��Y�d��W��Cз�
E��-

and more……

Michel

@jfg

It should be fixed now. Due to the vulnerability all plugins and Wordpress where update. Also the php version was updated and that broke a function for the plugin section. 

Best Michel

jfg

Fixed.

thanks a lot