Little followup to my post yesterday of how Ipower totally failed when they were hacked (“compromised” is their word) 2 times in one week. Thinking more about it, this is terrible management. First, to have such poor security, and second, not admitting the mistake and TELLING US exactly WHAT they were doing to fix it, and most importantly, make sure it didn’t happen again. All successful businesses admit their mistakes in public, but not Ipower. (although I wish they would man up, and be a better company for it. ) :(
Ipower took down the Facebook note I linked to yesterday, along with all the comments!!! That one concerned the first time they were hacked, 4 days ago. Guess it was too incriminating, with their poor, very late response, their attempt to shift the blame and the cleanup over to their clients, and above all, NOT DOING ANYTHING about the problem. Again, they just told us what we should do, which they copied from the WordPress thread! (However, if you look at their Facebook Note page, you will see a link on the left under Notes which says Notes About, and my Note is right there!)
Today they issued an acknowledgment about the 2nd malware attack.
To all customers whose site has recently been compromised. We have identified the area of intrusion and are now running a script to clean up all sites that have been affected. The clean up should be complete by tomorrow morning. There is no need for anything to be done on your part.
See, here’s the thing. Those of us who got scared again on Sunday when we found it happening again already did that work for you, Ipower. All it took was the Search and Replace plugin. So, yeah, there’s nothing to be done on our part, nor was there the first time, as far as changing passwords, etc. I’m sure it’s to do with MySql, their databases. Dangerous stuff.
4 Comments