Please be on the lookout this afternoon for an email being sent out to all single-user store owners. The text of it will look like this:
Dear [your name],
As you know, privacy and security are both extremely important on our site. In the past week, we have experienced the first security breach in our 8 years of operation.
A hacker was able to access login IDs and passwords to an unknown number of Hyena Cart single-user seller (HC Multi) accounts by exploiting the code used in the stores. This vulnerability has been eliminated, but the hacker may still hold login information to some seller accounts.
The hacker was using this seller login information to access vendor pages and change the PayPal account email address, redirecting shopper payments to his own account.
As mentioned, due to changes made in the code last night, the hacker no longer has access to current seller passwords. However, he may have saved login information during the breach. To completely shut the hacker out, we have decided to proactively change the password to every seller’s account.
Your password has been changed to [your new password]. Please log in to your account with this new password and confirm that your PayPal information is correct (on the Store Settings >> Profile page). You can also modify your password, but please do *not* use your previous password.
You can log in to your account via this link:
http://hyenacart.com/HCmulti/admin/login.php?admusername=[your login id]&admpassword=[your new password]
There has been no breach to multi-user seller accounts (like congos), or to shopping accounts. In addition, we have added the following safety feature: whenever the email or PayPal account address is changed in a seller’s account, an email is immediately sent to the seller to confirm that it was an intended, authorized change.
We are currently compiling documentation of the hacking and will be notifying the authorities of the scope and identities of the known suspects (identified via PayPal information).
If any of the payments in your store were misdirected, please contact the shopper and ask that they file a PayPal dispute. In many cases, the payment has already been refunded. Once they receive a refund, they can send the funds to your account. We can also help with contacting shoppers if needed.
Thank you very much and we apologize for the inconvenience. We sincerely apologize if you received this message twice. If so, please disregard the first message.
If you have any questions or concerns, please contact us at support@hyenacart.com. You can verify that this is a genuine email from the Hyena Cart site as it is referenced in this blog post.
Thanks,
Karen
HC Admin
Thanks for your understanding. Also, please don’t be concerned if you did not receive an email notification of this blog post. We chose not to send one out since we are emailing all affected parties directly.