Warning to All Customers of BlueLayerGroup, Inc., www.bluelayermedia.com!
On October 19, 2012, the BlueLayerMedia Staff issued a public statement on their website that their servers, domain registrar, and even payment processors were maliciously hacked and that they have closed their doors. They have left their customers to fend for themselves.
To BlueLayerMedia Customers,
On the evening of October 17th, hackers exploited our systems and decrypted important security passwords. With access to our servers, domain registrar, and even payment processors they began to wreak havoc on our systems. As soon as the infiliatration was detected we started to take measures to restore our own blocked access, but we regret that we were not quick enough in these efforts. The hackers who exploited our system were able to completely wipe the hard drives of our servers and even those our backup drives.
It is due to these actions that we no longer have any client data on our servers, no contact information, no website files, no emails, nothing. We regret to inform you all that we will not be re-launching services and are truly sorry for any loss you may have incurred. We are currently working to get all of the facts together, filing police reports and contacting proper authorities. Unfortunately the hackers were from outside the country and we have very little information to ever be able to get to them.
Again, we can't say how sorry we are for this system breach and wish that this unfortunate event could have been stopped. We appreciate your former business.
Sincerely,
The BlueLayerMedia Staff
10/19/2012
Unfortunately for their customers, unless they check www.bluelayermedia.com they have no clue if their pertinent information has been exposed and many may have lost their websites. A whois search revealed that the domain was registered in June 2, 2009.
According to the WayBack Machine, the last archive available was July 4, 2011 and was on a WordPress platform. It lists a phone number and email.
BlueLayerGroup, Inc.
Telephone: 1-866-837-0521
Email: [email protected]
It is unknown at this time if the email or phone number above is still working. I checked their Twitter account (http://twitter.com/BlueLayerMedia) and has been cancelled.
According to a Google archive, they did offer web design, custom WordPress, programming, web hosting, e-commerce solutions. Also a Google cache states, “We don't just build blogs, we write them too,” as well as search engine submission, designing themes, making WordPress plugins, and more.
This is a tragedy for their company as well as all their customers who may have had their information exploited. It is also a perfect example of why you need to take your WordPress Security seriously and do off-site backups.
We recommend BackupBuddy with storage at AmazonS3 (over Dropbox) for better security. Feel free to check out BackupBuddy through our affiliate link at https://wpsecuritylock.com/backupbuddy and save 25% off with coupon code: WPSECURITYLOCKS.
It is unknown how long the company will keep the warning statement on their home page. So,please help spread awareness. If you know anyone that was a customer of BlueLayerMedia.com, please be sure to let them know. And use the social media buttons below to help others warn their customers.
LEAVE YOUR FEEDBACK
How do you think the company handled this situation? I personally think a phone number or email address should be listed so that their customers could get in touch with them. Be sure to submit your comment below.
This situation just proves once again that all businesses should have disaster fallback plans. Wat happens if your host goes out of business with no warning? What happens if you get hacked? What happens if you lose your largest customer? What happens if a storm leaves you without electricity for a week or two?
Hey Christine,
All GREAT points and so true! We all need to ask ourselves these questions important questions when running an online business and then putting a disaster fallback plan into action.
Isn’t that sad that a group of hackers can single handily take down a business and pretty much wipe it off the map!!
Chris,
It is so sad!!!! I would imagine BlueLayerMedia Team is just devastated, plus their customers. I don’t know how many websites they were hosting, but for their customers that didn’t have backups it took them down too. Yikes!
Thank you for the continuing security alerts. It is becoming harder to do business online, with Google’s algorithm updates and with hackers. I use WP-Twin to make copies of all my wordpress sites and can reinstall one in minutes.
Hi Penny,
You are right, it is becoming harder to do business online. That’s why we need to be vigilant in using best security practices.
Regarding wp-twin, it is my understanding that backups are stored on your computer. My concern is if your website becomes compromised and your own computer gets infected by visiting your site you may lose your backups. Also to “clone” a site you must use Fantastico to install WordPress before you can finish the clone, which can be a security risk. See my article, “WordPress Security Risks Using Auto Installers Like Fantastico.”
However, I am glad you are being proactive and making backups of your sites. Good luck and stay safe.
Hi Regina –
I was searching for something and your page came up in the results 🙂
I just wanted to point out that WP Twin does in fact save the backup/clone on your server, so you immediately after it has been created, it is important to download it for safe keeping.
By the way, ANY WordPress site can use WPTwin – not just a WP site that was created with Fantastico. A Manually installed WP instance can be backed up with WPTwin.
You are absolutely correct in sharing that a backup on a server is of no use if the server crashes along with your backup!
Thanks.
Paul.
I love how you are on top of things and get the word out when security – or lack of -happens. I use Blue Host for my hosting account.
I use Dropbox for my backup. Could you tell me why you recommend Amazon S3 over Dropbox?
Hi Carol,
Thanks for your comment. Regarding Dropbox over AmazonS3, I’ll try to make it simple in my thinking. Dropbox uses Amazon’s Simple Storage Service (S3) for storage – see https://www.dropbox.com/help/27/en.
In addition…
Since your stored content is being synced at another location (Dropbox), it’s just more secure to avoid the “middleman (AmazonS3).” Personally for me, Dropbox has had too many security/vulnerability issues lately for me to feel safe to store my important data there. I have more reasons than that, but that is my most logical way of looking at it.
This article is from August 2012, but be sure to read some great points at http://www.informationweek.com/security/management/5-dropbox-security-warnings-for-business/240005413
Hope that answers your question.
Very sad. No back up is truly a back up unless it is held in more than one media in more than one physical location with no connection whatsoever that can be exploited.
Hi Klm,
Sad but true. I personally have about 4 external hard drives in addition to several online backups in different locations. I like having backups of my backups 😉
It has become crystal for me since this happened. I never realized how important it is to have and keep live phone and address contact information for any trusted source I work with in my business. I remember last year when a person was hosting a lot of big name sites, and he unexpectedly died. That was eye opening, but this has sealed the deal. I am very glad to be a member of WPSecurityLock )(SafeWP) Thanks for all that you guys do to keep us informed.
You are so right ShariLee! We need to cover all our bases when it comes to our online businesses. Glad we both know and are proactive in our “backup” plan.
I am glad you are a member of SafeWP.com too! It’s my passion to help others stay safe and I learn so much from my members too 🙂
No off-site Storage, No Cloud Storage, bad Security. I am amazed that any company can legally act this way and is just another reason why price shouldn’t your only reason for choosing a hosting company.
Hi Regina ridiculous for company and as i knew this news I get shocked.
Actually I already kept my backup but not relaxed ! Above question is not much crucial that you are asking “How do you think the company handled this situation?” the fact is that what would be happen with their clients and thousands of numbers, email that has been vanishes. BLUELAYERMEDIA also announced that it is unable to reopen, i.e. entering in a black hole. OMG
Thanks for your sharing.
Actually daily backup solve all the problems in additional with security plugins and service like cloudflare / incapsula which make your website almost bulletproof. Automatic backup with codeguard make those hackers wasting their effort just to prove their hack with a single click to restore it back.
That was terrible and that shows business websites are not safe online it must have a strong kind of security. I think the best thing that we can do is that we have to protect everything that we have online especially for our businesses.
Hi Regina, saw your post on WPTouch and ended up here.
Surprise, surprise – I had used their service when they offered a Prosper202 install on shared server, their sale pitch on their site if I remember correctly was you did not need a VPS account to run Prosper202.
Their offer was at the Warrior Forum: http://www.warriorforum.com/warrior-special-offers-forum/556247-free-prosper202-installation-30-off-hosting.html
I’m really ashamed to admit how I fell into their sales pitch, needless to say I’ve learned my lesson and using a VPS account now. You have no clue the headaches I’ve had with those guys. I did some investigation after my bad experience and yea what I found was an eye-opener ….