NOTICE OF WEBSITE HACK
BW Printworks Family,
We are contacting you to notify you about a website breach that occurred recently at BWPrintworks.com.
What Happened? On Sunday May 17th, 2020, we were notified by our monitoring service that our website was hacked. We immediately took action and removed the infected files from our system. We also changed our administrative passwords to all areas of our site. The hack appeared to have taken place Saturday afternoon and again Sunday morning. We have been diligently analyzing the infected files and coding. We have determined they were from a Indonesian Hacktivist group called ExtremeCrew. A bit of research revealed their most common tactic is to hijack a website and display their information on the front page as a trophy or sign they’ve more or less beaten the system. We are unsure if there was any other motive or intents to act maliciously with customer data. We do know they copied the skeleton or structure of our website files and system, planted auto-forwarding emails, and attempted to access our server structure.
What Information Was Involved? The only information that we have confirmed to be taken were customer emails. We are 100% confident that no payment information was taken. Early on, we intentionally chose to use a third-party payment provider, PayPal and Square Pay, to effectively secure and process customer payments. Our system was also designed to encrypt user passwords. We do not believe they were successful in decrypting them, however, out an abundance of caution, we urge you to change your password if it is used on any other websites or email accounts. We are in the process of manually resetting everyone’s bwprintworks.com password as an additional safeguard.
What We Are Doing? We have taken several steps to protect your information and our website from a future attack. Some of these steps are:
· Performed scan of website file system to ensure all infected files/code were removed.
· Updated website from source files to ensure all files were replaced with original coding.
· Invested in an additional high security firewall in addition to our current server firewall.
· Invested in malware and virus scanner and scheduled it to check our website multiple times a day.
· Invested in additional software to check for open ports and server vulnerabilities.
· Changed all server, website, ftp, and database passwords.
· Changed all encryption keys and website keys.
· Renamed admin folders, database names, and admin users.
· Reset all customer passwords and placed stricter password requirements.
We encourage all of our customers to be hyper vigilant for phishing emails including ones that appear to come from our company BW Printworks. We will never contact you requesting personal information or include any attachment, including an invoice, without a verbal or written request from you personally. The only unsolicited email you will be receiving soon is an email stating that your password was reset with a link to reset it. We will include a security code to identify that the email is from us. As a precaution we strongly recommend copying and pasting the reset link from the email and into your browser instead of clicking the link. Please take a moment to read “How to Recognize and Avoid Phishing Scams” from the consumer FTC page. Here is the direct link that you can copy: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
We appreciate your patience and understanding during this difficult and frustrating process. Please reach out to us should you have any questions or need further information.
Your BW Printworks Staff