Hacked: Panama Papers Leaked Due to WordPress Vulnerability

You may have heard about it in the news recently — the scandal that’s making headlines, deemed the largest online information leak in history; the Panama Papers. If you haven’t heard about it, here’s an overview:

Mossack Fonseca, a Panamanian law firm, got hacked through their WordPress website. 2.6 terabytes of data including 11.6 million files were exploited — they revealed details of offshore shell companies participating in fraud, drug trafficking, tax evasion, and more. Mossack’s email accounts were also linked to the hacked server, revealing even more insider and private information. The identities of wealthy shareholders and directors were also exposed.

There were multiple reasons why hackers were able to pull off this leak with ease. The Mossack WordPress website was using an outdated plugin of Revolution Slider. This plugin had various well-documented problems and vulnerabilities. This version of RevSlider easily allowed a hacker to upload files and scripts to the sites servers. The same hacking code in the plugin was also used to access the emails. Due to the WordPress website development, confidential documents went public. The Mossack site also had no firewall protection or updated web portal logins.

How does this discovery relate to your business? Since over 23% of the world’s websites are created by WordPress, this is a huge target territory for hackers to gain private business information. Updates to your WordPress plugins and WordPress core are extremely important to download as soon as they become available. If a hacker gets access to your website’s codes they can steal important client information, ecommerce website details, passwords, and more.

These precautions may seem like common sense, but many websites go without updates or regular maintenance when business owners are unaware that these changes are their responsibility and not their web hosts’. Make sure to understand your website maintenance protocols when you hire a website developer. You will not be able to grow your business online if your website security is compromised. Updating your website’s plugins is a necessary part of protecting your business and your customers.

Kirk, a website design company, understands the importance and the responsibility of website design and development along with its upkeep. For more information about how to further protect your website call Kirk Communications at 603-766-4945

Holly Strand is a University of New Hampshire graduate. She holds her bachelor’s degree in Marketing & Business Administration and has over five years of experience in customer service. Holly takes a central role in creating SEO copy writing for