Wonster Words Push Notification Hacked – Updates
3/17/2020 1:00PM Pacific Time – We have received no new reports of issues in the past 24 hours! Nor have we seen any more suspicious activities on our server for the past 3 days. So, we officially consider this incidence closed. That said, we are undertaking a lot of work to make sure this type of things don’t happen again. You can learn more here. Many thanks to the many parents who have supported us through this. Our sincere apology again for what happend.
3/14/2020 1:30PM Pacific Time – The only reports we are getting now are messages sent yesterday. Still monitoring. Please email us if you are seeing NEW inappropriate messages.
3/13/2020 8:40PM Pacific Time- A few more users have reported inappropriate messages. We did some more work that seemed to have helped.
Concerned parents have been emailing us about receiving highly inappropriate push messages from the Wonster Words. We reassure you that those messages definitely are NOT authorized by us, and we are equally appalled by them!
Our push notification system was hacked sometime late evening of 3/12/2020, and the hackers have used it to send out these inappropriate messages. As of 3/13/2020 3:20PM Pacific Time (3/13/2020 10:20PM GMT), we believe we have disabled the system that was compromised, so the push messages should be stopping. If you are still seeing inappropriate push messages sent after this time, please email us at email@example.com so that we can investigate further.
We are deeply embarrassed and sorry that this has happened. It’s especially alarming because of the children we serve and the trust you have given us. We will be adding additional security
Sometime late last night early this morning our push notification server was breached through a poorly secured login. The hacker was able to send unauthorized and highly inappropriate push messages to our Wonster Words users. We have since disabled the service so the messages should be stopped.
How come I am still seeing these inappropriate massages?
While we have been able to prevent new messages from being sent, previously sent messages would still be on the client device. We don’t have the ability to delete messages that are already sent out.
What if I am still seeing new inappropriate push messages?
If you are still receiving NEW messages after 3/13/2020 3:20PM Pacific Time (3/13/2020 10:20PM GMT), PLEASE do email us at firstname.lastname@example.org with a screenshot and when you received the message. We would appreciate it.
How are you going to make sure this doesn’t happen again?
This is a serious incident that should have never happened. We have already taken steps to address the issue that allowed this to happen. We will be doing even more in the coming weeks to further secure all of our systems.
Did hacker get access to any private information?
No comments yet.