Brochure Site Compromised
Incident Report for Cronofy
Resolved
This incident has been resolved.
Posted Apr 10, 2019 - 14:14 BST
Monitoring
There was an exploit attached to one of the Wordpress plug-ins the site was using. This has been disabled and the script injection is no longer happening. We have re-enabled access to the site and will continue to monitor.

This was on a completely unrelated system to our API and other services. We maintain strict separation of systems. No user data or service was in anyway compromised.
Posted Apr 10, 2019 - 11:58 BST
Update
Whilst this incident is in place, we're blocking access to www.cronofy.com to ensure visitors are not compromised.
Posted Apr 10, 2019 - 11:37 BST
Identified
This looks like a Wordpress exploit. We're working with our Wordpress hosting provider to resolve.
Posted Apr 10, 2019 - 11:19 BST
Investigating
Our brochure web site (www.cronofy.com) is currently compromised. We're investigating.
Cronofy applications, APIs or service are NOT affected and are fully operational.
Posted Apr 10, 2019 - 11:01 BST