Disaster management for when you get 1000s of customers hacked - WordCampSG 2017

Published on: Sunday, 26 November 2017

Speaker: Akshat Choudhary

What does disaster look like to a WordPress plugin developer? It’s never fun to find out the hard way. This talk will be in the form of a few short stories about one disaster my company (BlogVault) faced recently: a major plugin vulnerability. I’ll be telling you what we did when more than 1000 of our customers got hacked overnight through our plugin… and how we recovered. Although this was one of the most harrowing experiences in the history of the company, it taught us quite a few lessons:

Act fast
Minimize damage, fix the root cause. Communicate, communicate, communicate
Be honest & clear with your team, partners, and customers about your next steps. Be prepared for curveballs
Not everything can be planned. Forgive delays and mistakes. Fix everything
You don’t know what’s broken (for sure). Reinforce it all. What happened when?
Stressful times call for simple measures. Note down what happened (and when). It’ll help with communications. Eliminate doubt.
Our internal tool helped us identify signs of malware from 200,000 sites, but we also needed reaffirmation. What not to do when you face such a disaster: Panic
This only makes everything worse. Shy away from the truth
Whether your customers or partners leave isn’t up to you. Your company’s integrity is. Focus inwards only
Your business is about your customers, who are having a tough time. Help them first. The Ultimate Takeaway: Reach out to the community. Lots of people have been in the same situation.

Event Page: https://2017.singapore.wordcamp.org/

Produced by Engineers.SG

Help us caption & translate this video!

https://amara.org/v/crpJ/

Organization