An unknown attacker hacked the Piwik.org website on Monday morning and added a piece of malicious code into the Piwik 1.9.2 Zip file that will reportedly open a backdoor on systems it is installed on.
The Trojanized file remained available for public download for roughly eight hours until the breach was discovered and the file replaced with a clean copy by the Piwik team.
Piwik stated that their website runs on the popular WordPress platform and the hacker was able to gain partial access to the website server by exploiting a vulnerability within an unnamed WordPress plugin.
No personal or sensitive user data was said to be stolen in the breach, and the Piwik team is not aware of any security holes within the actual Piwik software.
Instructions on how to check if you downloaded an infected copy of Piwik along with the necessary steps to remove the malicious code can be found on the Piwik blog.
Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+