Last night, a minor defacing hack occured on RocketTheme's demo server, which hosts demos of its WordPress, Joomla, phpBB, and Magento themes. No customer data was compromised, and RocketTheme was able to quickly identify and patch the exploit.
A known exploit found in an older version of Magento was used over a period of 7 minutes starting around 12:20am CST allowing the attacker to upload their own index.php file into the home directory of RocketTheme's demo server, defacing the demos and replacing their home pages with the uploaded one.
The RocketTheme team was able to quickly identify the source of the issue and patch the offending Magento installation within the hour. This exploit was in no way related to any of RocketTheme's themes or extensions.
The attack occurred on a demo server completely separate from RocketTheme's main site, and no customer data was accessible or compromised in any way.
If you have any further questions or concerns about this incident, please feel free to contact us through our contact form.