We’re so sorry to hear this happened to you. I want to assure you that we take the security of our plugin very seriously, and we would never want a customer’s account to be compromised.
It’s likely that the hacker was somehow able to guess your wordpress or OneSignal password. You can also check your email here to see if your password has ever been leaked anywhere: https://haveibeenpwned.com/
We also recommend immediately changing your OneSignal and wordpress plugin, as well as resetting your OneSignal API key by following the instructions here: https://documentation.onesignal.com/docs/accounts-and-keys#section-resetting-your-rest-api-key
Another possibility is that somehow your OneSignal REST API key was shared online. We’ve seen this happen if customers accidentally uploaded sensitive data to github or another public place.
If there’s anything at all we can do to help, please don’t hesitate to contact our support team. While we don’t think this was a problem with OneSignal itself, we want to do whatever we can to make things right.
Well the real strange thing is that I had a few websites on that server and they were all affected. Thanks for the response though.
Same thing happend to me. I will try to change passwords.
@maximusmccullough
Are your sites allright now?
@maximusmccullough and @vortodox this has been an issue we have seen with customers that don’t have proper security in place to block this issue from happening. Please checkout options to hardening your site and follow this guide for further details: https://documentation.onesignal.com/docs/data-questions#section-my-account-has-been-compromised-what-should-i-do
As always, please reach out to support@onesignal.com if you need further assistance.
same thing happen with my account.
i changed password and reset the API KEY and reinstalled server. but same thing happen:
someone is sending adult nottifications to all my apps. there are 2 possible options:
Onesignal get hacked or Onesignal is sendig those notiffications without our premission
Probably the later option is very viable. Offer a free service to everyone but then send out affiliate link offers with adult content for them to make money from CPA.. smart.
