Canadian cloud accounting firm leaks WordPress admin credentials


Level 26
Thread author
Top Poster
Aug 17, 2017
On January 20, Cybernews researchers discovered a publicly accessible AWS Storage bucket belonging to FreshBooks. While it mainly stored images and metadata of FreshBooks’ blog, among the leaked data, were backups of the website's source code and related database. One of the databases contained information about the site, its configurations, and data of 121 WordPress users. Names, usernames, email addresses, and hashed passwords of the site’s administrators, writers, and editors were exposed. The leaked passwords were hashed using the easily crackable WordPress MD5/phpass hashing framework leaving users’ accounts vulnerable to hijacking.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.