OneSignal Hacked Server

  • I was using this plugin until about 3 weeks ago it all of the sudden started spamming everyone with adult sites. Too bad, now I need to tell everyone how to get the push notifications off of their computer! RRRRRRR!

    • This topic was modified 5 years, 4 months ago by Maximus McCullough. Reason: had to make stars one instead of 5
Viewing 6 replies - 1 through 6 (of 6 total)

  • We’re so sorry to hear this happened to you. I want to assure you that we take the security of our plugin very seriously, and we would never want a customer’s account to be compromised.

    It’s likely that the hacker was somehow able to guess your wordpress or OneSignal password. You can also check your email here to see if your password has ever been leaked anywhere: https://haveibeenpwned.com/

    We also recommend immediately changing your OneSignal and wordpress plugin, as well as resetting your OneSignal API key by following the instructions here: https://documentation.onesignal.com/docs/accounts-and-keys#section-resetting-your-rest-api-key

    Another possibility is that somehow your OneSignal REST API key was shared online. We’ve seen this happen if customers accidentally uploaded sensitive data to github or another public place.

    If there’s anything at all we can do to help, please don’t hesitate to contact our support team. While we don’t think this was a problem with OneSignal itself, we want to do whatever we can to make things right.

    Thread Starter Maximus McCullough

    (@maximusmccullough)

    Well the real strange thing is that I had a few websites on that server and they were all affected. Thanks for the response though.

    Same thing happend to me. I will try to change passwords.
    @maximusmccullough
    Are your sites allright now?

    Plugin Author OneSignal Push Notifications

    (@onesignal)

    @maximusmccullough and @vortodox this has been an issue we have seen with customers that don’t have proper security in place to block this issue from happening. Please checkout options to hardening your site and follow this guide for further details: https://documentation.onesignal.com/docs/data-questions#section-my-account-has-been-compromised-what-should-i-do

    As always, please reach out to [email protected] if you need further assistance.

    arlind94

    (@arlind94)

    same thing happen with my account.
    i changed password and reset the API KEY and reinstalled server. but same thing happen:
    someone is sending adult nottifications to all my apps. there are 2 possible options:
    Onesignal get hacked or Onesignal is sendig those notiffications without our premission

    Probably the later option is very viable. Offer a free service to everyone but then send out affiliate link offers with adult content for them to make money from CPA.. smart.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘OneSignal Hacked Server’ is closed to new replies.

Tags