EllisLab Tells Users to Change Passwords After its Web Host Discovers Security Breach
Nicole Henderson reports:
EllisLab, the software development company behind the ExpressionEngine CMS, announced on Friday that hackers gained unauthorized access to its servers at the end of March and may have obtained customers’ personal information in the process.
According to a post-mortem blog post, hackers logged into EllisLab.com with a stolen Super Admin password at 10:49 am PT on March 24, 2015, and uploaded a common PHP backdoor script to allow hackers to access its server without requiring authentication. Hackers had approximately three hours of access to the server before it was detected by the company’s hosting provider Nexcess.
Read more on The Whir.