Support » Plugin: OneSignal - Web Push Notifications » OneSignal Hacked Server

  • I was using this plugin until about 3 weeks ago it all of the sudden started spamming everyone with adult sites. Too bad, now I need to tell everyone how to get the push notifications off of their computer! RRRRRRR!

    • This topic was modified 2 months, 2 weeks ago by maximusmccullough. Reason: had to make stars one instead of 5
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author OneSignal

    (@onesignal)

    We’re so sorry to hear this happened to you. I want to assure you that we take the security of our plugin very seriously, and we would never want a customer’s account to be compromised.

    It’s likely that the hacker was somehow able to guess your wordpress or OneSignal password. You can also check your email here to see if your password has ever been leaked anywhere: https://haveibeenpwned.com/

    We also recommend immediately changing your OneSignal and wordpress plugin, as well as resetting your OneSignal API key by following the instructions here: https://documentation.onesignal.com/docs/accounts-and-keys#section-resetting-your-rest-api-key

    Another possibility is that somehow your OneSignal REST API key was shared online. We’ve seen this happen if customers accidentally uploaded sensitive data to github or another public place.

    If there’s anything at all we can do to help, please don’t hesitate to contact our support team. While we don’t think this was a problem with OneSignal itself, we want to do whatever we can to make things right.

    Well the real strange thing is that I had a few websites on that server and they were all affected. Thanks for the response though.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this review.