Cookie hijacking

When storing credit card information and handling accounts with balances for our users, we take security very seriously. Today, due to a bug in newly released code, it was possible to inject JavaScript on the site that made it possible to hijack cookies from users under extreme circumstances. A hacker would simply be able to log in with a different user’s account, if this was used maliciously, which the attacker has later claimed was not the intention. Please note that this does not give the hacker access to any actual credit card information, as not even the Iconfinder staff has access to this, and your credit card information is therefore safe.

We found out about the injection after about 2 hours. We have gone through all transactions and have not found any suspicious activity, but please don’t hesitate to contact us at if you experience any.

To make sure no accounts are breached, we have decided to remove all sessions on the server, meaning that all users have to log in again. We apologise for the inconvenience but in situations like these we would rather err on the side of caution.

– The Iconfinder team

