Herr Bischoff

Spam From Festinger Vault and Hacked WordPress Plugins

Today I received a new kind of spam: a message apparently sent by WordPress, notifying me an account creation in my name.

Username: herrbischoff

Username: herrbischoff
Password: DlDw********

If you have any problems, please contact us at hello@festingervault.com.

I’ve never interacted with this site, much less signed up for an account. In fact, I’d never heard of it before this email. Which led me down a short rabbit hole that ended at yet another person being a dick about other people’s property. No doubt for the sake of personal enrichment or some other morally bankrupt reason.

The email was quickly followed up by a second welcome message:

Thanks for joining Festinger Vault Community, and welcome!

Now it’s time to put things into action and open the doors to the almost unlimited range of fantastic themes and premium plugins.

Download the damn plugin already and get it activated, we gotta rock your WordPress site.

Have I mentioned that I didn’t sign up for this? I don’t even run a WordPress site. Thus far they have sent spam, mishandled my personal data, violated GDPR and offered me to install a questionable plugin on a software platform I don’t use.

Investigating further, I found that this website is about purchasing WordPress plugins from authors and mass redistributing them to the “Festinger Vault Community” – for a monthly fee of course. They even boast about it on the front page:

Consider the vault as your personal database of 25K+ premium WordPress themes and plugins that would cost $500,000 if you bought them separately but made them available to you for a fraction of their cost at just $9/month.

All you have to do is install their plugin and manage everything else through it. A couple of immediate thoughts occur:

Installing a plugin from a shady site opens your website up to all kinds of malware injection.

There’s a FAQ item that reads “Is this legal?”. Builds trust right from the get-go.

The footer contains a direct link to an advertising thread on BlackHatWorld, a criminal hacker forum.

The justification for all this is: GPL licensing would allow for this kind of redistribution. Given the context, there is no point in going into the many, many issues with this interpretation. The most obvious being that if you make modifications to the source code and sell it, you need to provide the changed code, on request.

They offer a white-label service that allows you to resell the work of others with your own name on it. This is a breach of GPL if there ever was one. In their own words:

White-label Branding is the ability to rename and present a product or a plugin as your own. This helps you hide the actual identity of the theme and plugins used and lets you use your brand name instead.

It should be rather clear by now that all this song and dance is a thinly veiled excuse for reselling stolen content for profit.

Why did they send me login data for an account I didn’t create?

I haven’t tried the credentials. The best I can figure is an attempt at getting me to interact with the site out of curiosity. The Venn diagram overlap between people susceptible to logging in to a random website and using modified software they found on a random website operated by a criminal hacker is probably not insignificant.

Anyway, I have reported the emails as abusive to AWS, added the domain to my list of spam senders and won’t hold my breath hoping for anything to change.