Journal Support Security Notice
We recently learned of a security incident on one of our support backup servers and wish to inform our users to take safety precautions.
This only applies to support users who have provided temporary store access in a support ticket (FTP, cPanel or Opencart Admin) prior to 14 September 2018 which is still valid.
If you never provided store access in a ticket or you provided temporary access before 14 September 2018 which is not valid anymore, you can ignore this notice.
On 30 December 2018 we detected unusual activity from an unknown source in one of our support backup servers. The last backup on this server was on 14 September 2018.
This was not a deliberate attack on our support server with the intension of obtaining specific support data, it was a random bot event that may have inadvertently accessed support message content prior to 14 September 2018.
What needs to be done?
Everyone who has provided server access (FTP, cPanel) and/or Opencart Admin access in a support ticket prior to 14 September 2018 should change their usernames and passwords if that access is still valid.
Normally, only temporary store access is provided to investigate potential issues, valid for a limited time, and given the date of the last backup on the affected server (more than 3 months ago as of 30 December 2018), technically all access should be invalidated by now.
In the unlikely event access to your server (FTP, cPanel) and/or Opencart Admin that you have provided in a support ticket before 14 September 2018 is still valid, it should be immediately removed or usernames and passwords changed.
Current Support Status: SAFE
The main support server was never affected, only a separate backup server. We have taken all necessary security measures and the support is working normally and tickets can be filed safely.
Going forward, we remind you to always create temporary access to your server (FTP, cPanel) and/or Opencart Admin when needed to address your technical issue, which should only be valid for the duration of the current open ticket.
If you have any questions you can reach us directly at firstname.lastname@example.org