The Uncanny Automator breach exposed customer records and led to a backdoored Pro plugin update, version 7.3.0.5, being distributed to some live WordPress sites. Uncanny Owl confirmed the incident, released a clean 7.3.0.6 version, and warned that any site running the compromised build should be treated as infected. #UncannyAutomator #UncannyOwl #automatorplugincom #WordPress
Keypoints
- An attacker exploited third-party software on automatorplugin.com and gained access to company systems.
- The attacker tampered with the Pro update package and the licensing database, but not the source code repository.
- A backdoored Uncanny Automator Pro build, version 7.3.0.5, was pushed to some live WordPress sites.
- Exposed customer data included names, email addresses, license keys, and associated website URLs.
- Uncanny Owl removed the attacker, released version 7.3.0.6, and advised users to avoid 7.3.0.5 and reset passwords.
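
To triage a host against the version numbers above, the following added example (not Uncanny Owl's tooling or code from the original report) scans a WordPress plugins directory for copies of Uncanny Automator Pro and flags build 7.3.0.5. It assumes the standard WordPress plugin header comment and matches on the header's `Plugin Name` rather than a directory name, which the report does not give; the directory path is supplied by the operator.

```python
import re
import sys
from pathlib import Path

PLUGIN_NAME = "Uncanny Automator Pro"  # product name as given in the report
BAD_VERSION = "7.3.0.5"                # backdoored build named in the report
HEADER_BYTES = 8192                    # WordPress reads headers from the first 8 KB

_FIELD = r"^[ \t/*#@]*{}:(.*)$"        # same line shape WordPress accepts


def read_header(php_file):
    """Return (name, version) from a plugin header comment, or None."""
    with open(php_file, "rb") as fh:
        head = fh.read(HEADER_BYTES).decode("utf-8", "replace").replace("\r", "\n")
    values = []
    for field in ("Plugin Name", "Version"):
        m = re.search(_FIELD.format(re.escape(field)), head, re.M | re.I)
        # Drop a trailing comment terminator, as WordPress does.
        values.append(re.sub(r"\s*(?:\*/|\?>).*", "", m.group(1)).strip() if m else None)
    return tuple(values) if values[0] else None


def scan(plugins_dir):
    """Return [(path, version, status)] for each copy of the plugin found."""
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        hdr = read_header(php)
        if hdr and hdr[0].lower() == PLUGIN_NAME.lower():
            # A different installed version does not show the site never ran
            # 7.3.0.5, so those copies still need their update history reviewed.
            status = "COMPROMISED" if hdr[1] == BAD_VERSION else "REVIEW-HISTORY"
            hits.append((str(php), hdr[1], status))
    return hits


if __name__ == "__main__":
    # Usage: python scan_automator.py /path/to/wp-content/plugins [...]
    found_bad = False
    for root in sys.argv[1:]:
        for path, version, status in scan(root):
            print(f"{status}\t{version}\t{path}")
            found_bad |= status == "COMPROMISED"
    sys.exit(1 if found_bad else 0)
```

A `REVIEW-HISTORY` result only means the installed build is not 7.3.0.5 now; a site that ran 7.3.0.5 at any point and was later updated still falls under the "treat as infected" guidance.
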
Read More: https://securityonline.info/uncanny-automator-breach/