There was an exploit attached to one of the Wordpress plug-ins the site was using. This has been disabled and the script injection is no longer happening. We have re-enabled access to the site and will continue to monitor.
This was on a completely unrelated system to our API and other services. We maintain strict separation of systems. No user data or service was in anyway compromised.
Posted Apr 10, 2019 - 10:58 UTC
Update
Whilst this incident is in place, we're blocking access to www.cronofy.com to ensure visitors are not compromised.
Posted Apr 10, 2019 - 10:37 UTC
Identified
This looks like a Wordpress exploit. We're working with our Wordpress hosting provider to resolve.
Posted Apr 10, 2019 - 10:19 UTC
Investigating
Our brochure web site (www.cronofy.com) is currently compromised. We're investigating. Cronofy applications, APIs or service are NOT affected and are fully operational.