Corona site down/hacked?

If it was just gifs at stake I would not be worried.

Wordpress is a great CMS, but site backups that are publicly available are a gold mine for hackers who need more credentials to get more data, I am afraid.

Ok - we are done checking into this. Nothing secret was exposed. We were doing a final check for our own Wordpress admin passwords (e.g., for blog), but that was not in there either.

Again - no Corona developer user info was exposed at all; that is in a completely separate infrastructure.

Nothing to see here :slight_smile:

> If all is well you would have no problems with me posting the links to the (non secure) publicly available files on your web server that were revealed (full site backup, scripts)?

I have informed support@ over an hour ago of exposed scripts?

Ahhhh, major issues remain, I'll check back in 7 hours.

You may want to .htaccess block directory listing on your site, loads still open.

Get your web admins to confirm every folder.

David

Can I have Walter's email?

I have a final bit to report (as it has been overlooked by support and the forums moderator). Please DM

Simon - feel free to email me: david AT coronalabs.

Nah, forget it, seriously considering dropping Corona development after this experience. The securing of the website was an absolute joke after all URLs were exposed by server issues.

> Hey guys - we did have a snafu with our www.coronalabs.com site. That is now fixed.

Saying the site was all fixed when it was not was a joke.

Who in their right mind stores a full site backup zip at the top structure of their website along with a full Mercurial source control of their whole website along with dozens of admin scripts and error logs?

I see you have fixed most already but given the quality of the marketing server I have no faith in your developer or build server?

If I did not keep bugging your support and this forum I doubt the issues would have been fixed at all.

A thanks would be nice.

If I cancel my Corona pro subscription do I get a remaining time part refund?

Downloading Xcode 6 beta and iOS 8 Beta, time to learn Swift and move on from Corona.

Simon - I’m a little mystified by all of this, but of course you are free to adopt any tool you would like and we will wish you the best of luck. Unfortunately we do not give out partial refunds.

Just to recap the facts:

  1. We knew our Wordpress site had an issue yesterday, as soon as it happened - before any reports or incoming emails. It actually was caused by a specific human error, so we realized it right away.

  2. As soon as we realized we had an issue, we worked to solve it. It was pretty much all solved within 30 minutes or so. We tidied things up after that as necessary.

  3. Most importantly: this was only an issue with our marketing Wordpress site (WWW.coronalabs.com). This site has no access to user identities, build servers or other important pieces of our infrastructure (not even forum.coronalabs.com).

  4. Again, our forum, user database, build servers were never compromised in any way. What was exposed was the Wordpress content you can see anyway at www.coronalabs.com

  5. Once we got a handle on the situation, we quickly corrected it.

We really do appreciate your efforts in letting us know about the issue. It’s always helpful to have people in the community flag things and help out. We take security very seriously here - especially of anything having to do with our users’ info and our build servers.

Having said that, I’m not sure where else we can take this. Our front end marketing site has nothing to do with Corona’s capabilities as a tool or how well it works. 

If you want to discuss further, I am happy to do so. Just email me at david AT coronalabs.

David

Can I say, “Don’t let the door hit your butt on the way out.” without it sounding antagonistic? Because that’s the way I mean it, just friendly-like. You took something minor and blew it up (in your own mind) to something significant. And because of that imaginary problem you’re going to switch to something where you won’t be nearly as productive.

 Jay

PS - I don’t care if someone switches away from Corona – but do it for a legit reason.

> PS - I don’t care if someone switches away from Corona – but do it for a legit reason.

There were reasons why discussions moved to the forum.

Leaving is a pain for me but what was communicated/exposed scared me.

It’s funny because Apple got hacked a while back exposing all iTunes connect accounts and now you want to drop Corona SDK and move to Apple because of the lax security on the marketing web server. Don’t get it. Best of luck to you in your future endeavours.

The fact that this wasn’t a ‘been hacked’ situation is good. Look at all the big companies that suffered recently due to the ‘heart bleed’ exploit. Even operating systems are hacked and exploited all the time.

This boils down to your sense of trust at the end of the day. If you do not accept any form of exploitation or exposure, then really you should never use a computer again :stuck_out_tongue:

This isn’t meant as an attack or insult towards anyone, just a light-hearted look at the situation :slight_smile:

Yep, tech is a double-edged sword. No hard feelings, good luck everyone.