This incident has been resolved.
Apr 10, 14:14 BST
There was an exploit attached to one of the Wordpress plug-ins the site was using. This has been disabled and the script injection is no longer happening. We have re-enabled access to the site and will continue to monitor.
This was on a completely unrelated system to our API and other services. We maintain strict separation of systems. No user data or service was in anyway compromised.
Apr 10, 11:58 BST
Whilst this incident is in place, we're blocking access to www.cronofy.com
to ensure visitors are not compromised.
Apr 10, 11:37 BST
This looks like a Wordpress exploit. We're working with our Wordpress hosting provider to resolve.
Apr 10, 11:19 BST
Our brochure web site (www.cronofy.com
) is currently compromised. We're investigating.
Cronofy applications, APIs or service are NOT affected and are fully operational.
Apr 10, 11:01 BST