• Resolved mexicanspeedball

    (@mexicanspeedball)


    Dear community,

    I am reaching out to you because I need assistance: my Woocommerce + Stripe Express integration has been hacked and as a result some funds have been stolen.

    What is the recommended procedure for reporting something like this?

    It is now two weeks that I am pending a reply from the staff at Woocommerce. All my email enquiries have not yet been answered [ phone and email deleted, do not post that again please ] get redirected to Woocommerce’s voicemail.

    The Stripe Express customer service confirmed that any issue concerning their built-in integration with Woocommerce Payments lies on Woocommerce’s side.

    Any support would be highly appreciated!

    • This topic was modified 1 year, 7 months ago by Yui.
    • This topic was modified 1 year, 7 months ago by Jan Dembowski.
Viewing 11 replies - 1 through 11 (of 11 total)
  • Hi,

    If there is money transferred away from Stripe then that money went somewhere, follow the trail and u will find the thief!

    With that being said u should also consider better protection for your website and report the theft to the police (even though they won’t be able to do much u want the theft to be documented). Even security programs like Wordfence don’t do enough to prevent these kind of things. As an example check your logfiles and u will see that half of the connections that are being made are basically unwanted. Get rid of the unwanted connections and u will have a top-notch secured website.

    If u need any advice on how to do this let me know and we can work something out!

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    The Stripe Express customer service confirmed that any issue concerning their built-in integration with Woocommerce Payments lies on Woocommerce’s side.

    I am sorry, but no one here can help you. Also please do not post any emails or phone numbers on this site again, I removed that.

    This support forum is for WordPress plugin code for the “WooCommerce” plugin only. This is not the WooCommerce customer support site.

    my Woocommerce + Stripe Express integration has been hacked and as a result some funds have been stolen.

    That’s a matter between you and Stripe. No one here can resolve that for you; no one here is involved in any form with your transactions. Please go back to Stripe and inform them of that.

    Thread Starter mexicanspeedball

    (@mexicanspeedball)

    @bigusersmol – Thanks a lot for your reply!

    For your information:

    • All log files do not show any malicious activity (unrecognised log-in) happened via my website’s admin panel.

    • The hacker managed to access the Stripe Express account associated with my e-commerce and changed the bank payout details to its own one. These changes took place without triggering the default email notifications (email notifications about changes to the account are sent automatically). As a matter of fact, the hacker made these changes even before I logged for the very first time into my Stripe Express account. I believe this should demonstrate the fact that the security breach concerns Woocommerce’s side.

    • The Stripe customer service affirms that these malicious changes took place on the same day my Woocommerce account got created. Apparently the IP location seems to be matching my area.

    • Furthermore, accessing Stripe Express account requires a 2 factor authentication, which asks for a code sent to my personal phone number. In the scenario where the hacker accessed it via my website’s admin panel that should have been able to prevent its access.

    • The only info I can obtain from the deposit transaction are the last 4 digits of the bank account and the location of the bank.

    I frankly do not expect to get an answer on how to track back the hacker via this forum but I am genuinely hoping that this will get the attention of Woocommerce’s staff who is supposed to be proactively on top of this!

    Though, I do believe this report concerns every Woocommerce’s user, as it cannot be acceptable that such an event takes place without an official feedback from the platform itself.

    Depending on how this will turn out, I will carefully consider if I should continue to use Woocommerce throughout my many domains and whether I should keep recommending it to my clients.

    Thanks again for anybody’s attention out there!

    Thread Starter mexicanspeedball

    (@mexicanspeedball)

    @jdembowski – Thanks for your response! It’s good for you to know that this forum is where the Woocommerce website redirects you to. You can validate it yourself via this link: https://woocommerce.com/my-account/create-a-ticket/ (actually the link to this forum appears all over woocommerce’s website). Could you then please rectify this with Woocommerce?

    I have been in contact for 2 weeks with the Stripe customer service and they confirmed the issue lies on Woocommerce’s side. Before getting back to them with the claim you mentioned, can you tell me what is your professional authority in order to affirm that? Can the word of a forum moderator not employed by Woocommerce be opposed to the one of Stripe’s customer service?

    I would strongly appreciate if you could redirect me to the right forum.

    Thanks!

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    I would strongly appreciate if you could redirect me to the right forum.

    If you have a question about the WooCommerce plugin or plugin options, then this is the right place.

    If you are looking for support to get your transaction reimbursed or other details about the transaction with Stripe then this is not the right place. I would suggest going back to Stripe for that but that is a guess on my part.

    I know it can be confusing but the whole www.remarpro.com site is about supporting users in code or code related topics for plugins, themes and WordPress code on this site (www.remarpro.com). Stripe saying it’s on the WooCommerce side may be a WooCommerce plugin configuration issue and configuration issues are for here. It’s plugin related.

    But please be aware, that’s as far as this support forum goes. No one here can get that transaction back and that’s not what this site is for.

    Hi,

    To me this does not sound like a typical hacker attempt.

    I’m also not familiar with the Stripe payment gateway.

    What I do understand in your story is that a bank account got changed either in your Stripe account or in your admin account of your (client’s) website.

    If it is changed in your Stripe account then it has nothing to do with wordpress/woocommerce.

    If it is changed in the admin area u should be able to find the whole bank number instead of the last 4 digits.

    Depending on where things happened u should talk to Stripe or better protect your admin area.

    Think about 2 factor authentication on the admin area or even better change your hostfile so that the admin area can only be accessed by your own IP address. What I usually do is block datacenters, VPN services and other types of connections like this as much as possible since all the crap always comes from those kind of connections.

    As an example (for those who use Wordfence) my Wordfence logs don’t show any blocks on sites where I use this kind of protection and on the plus side u need way less resources if u block them upfront instead of running after them.

    Thread Starter mexicanspeedball

    (@mexicanspeedball)

    @jdembowski – Thanks for your reply!

    I totally get your point and I apologise for any inconvenience caused.

    In fact, as mentioned above, I am not expecting to get the solution directly via this forum but rather to get the right heads-up on who to contact and how to speed up the procedure.

    Perhaps, that’s a bit naive of me, but I thought Woocommerce’s staff might be monitoring issues on this forum concerning their plugin.

    I seize the moment to specifically ask something else, has anybody ever heard about a similar problem with the Woocommerce + Stripe integration? I truly doubt this only happened to me.

    Thanks again!

    Thread Starter mexicanspeedball

    (@mexicanspeedball)

    @bigusersmol – thanks for your tips!

    + Stripe Express is an integration built-in with Woocommerce that handles the payments. e.g. Credit cards payments are being sent to Stripe and then Stripe sends them to the associated bank account.

    √ I do have Wordfence with 2FA activated.

    Saif

    (@babylon1999)

    Hello @mexicanspeedball,

    Thank you for reaching out!

    I understand how frustrating this must be for you. Account/payout related queries are a bit too sensitive to be discussed in a public forum.

    Have you already opened a ticket about this from WooCommerce.com > MY profile > Support?

    If you already have, could you please share the ticket number with us? We want to make sure it’s in our system, especially as this is an urgent matter. :)

    Look forward to hearing back from you.

    Thread Starter mexicanspeedball

    (@mexicanspeedball)

    @babylon1999 – thanks for your comment!

    the ticket number is: 6590721

    I am still looking forward to hearing back from the woocommerce team soon, if you could help me out with getting the right assistance I would strongly appreciate it

    Plugin Support Shameem R. a11n

    (@shameemreza)

    Hi @mexicanspeedball

    After checking, I can see that our team is currently investigating your issue (Ticket no: 6590721). We kindly ask for your patience during this process. As soon as we have an update, we’ll promptly reach out to you through the ticket response.

    Meanwhile, I will be marking this thread as resolved since your concern would be best handled by our Happiness Engineers there.

    Feel free to create a new topic if you need further help with WooCommerce core.

    Thanks!

  • The topic ‘Woocommerce Payments + Stripe Express Integration got hacked!’ is closed to new replies.