Meletrix has been Hacked (Resolved)

I got a weird email from Meletrix today, saying they had some new software. It didn’t seem too fishy, but I still wasn’t about to download anything randomly like this from them.

So then, a couple hours later I get this.

Which was interesting because it’s from the exact same email address. Now, I know about spoofing and phishing and all that. The thing is, this email and the “phishing email” both were sent to an email address that I ONLY use for Meletrix.

To know that email, and not just spam my normal email, would indicate they have access to information within Meletrix’s systems.

On top of that, I did what seemed reasonable, but potentially ill-advised. I logged into their web site and attempted to change my account password. Only that was not an option I had on my account page, and that seemed highly unusual as well.

Anyway, avoid them for a while. They’ve gone radio silent since that last communication.

9 Likes

Meletrix has posted a couple responses to their Discord that seemed detailed and earnest. I’ll post them here to close the loop.

[03:40] Jesse | Meletrix

Apology and Explanation Regarding the Abnormal Email Sent on April 18

Dear Valued Customer,

We sincerely apologize for the incident that occurred on April 18, 2025, at approximately 4:00 AM Beijing Time, where an official email containing a suspicious link was mistakenly sent to some users due to a compromised Shopify backend account. This email was a maliciously disguised message, and the link poses a security risk. Please do not click or download any content.

Root Cause:
After an urgent investigation, we determined that the incident originated from a long-dormant Shopify backend employee account that was compromised due to a leaked password. The attacker accessed the Shopify backend system through this account at 3:21 AM Beijing Time on April 18 and used the Email App to send a trojan-disguised email masquerading as an official notification. (See screenshot of the abnormal login logs below.)

Actions Taken:
Immediate Account Suspension: The compromised account has been permanently deleted to prevent further unauthorized access.

Enhanced Account Security: All employee account passwords have been reset with stricter complexity requirements, and all device login authorizations have been revoked.

System Security Audit: We conducted a full review of backend permissions, third-party apps, and email functionalities, disabling unnecessary interfaces.

User Protection Guidance: If you accidentally clicked the link or downloaded any files, please run antivirus software immediately.

[03:40] Jesse | Meletrix

Regarding Data Security Concerns:
We hereby clarify that only administrator accounts have permissions to export user data. The compromised account lacked any user data access privileges, and no customer information was leaked to external parties.

Preventive Measures: To prevent recurrence, we will implement the following improvements:

Mandatory two-factor authentication (2FA) and periodic password updates for all employee accounts.

Restricted permissions for inactive accounts and real-time monitoring of abnormal logins.

Monthly security reviews of third-party app authorizations.

This incident highlights gaps in our account security management, and we deeply regret the concern it has caused. Your trust is our utmost priority, and we are committed to safeguarding your information with stricter measures. For questions or assistance, please contact us at service@meletrix.com.

Once again, we profoundly apologize and wish you and your family a safe and joyful Easter.

Sincerely,
Security Team at Meletrix
April 18, 2025

6 Likes
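
The statement's root cause (a long-dormant employee account used after a password leak) and its promised "restricted permissions for inactive accounts and real-time monitoring of abnormal logins" can be sketched as follows. This is an added example, not part of either post and not Meletrix's or Shopify's own tooling; the event layout, account names, IPs and the 90-day threshold are assumptions, and the log is constructed.

```python
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=90)  # assumed threshold; the statement gives none

# Constructed sample login events: (account, UTC timestamp, source IP).
# Account names are made up; IPs come from documentation ranges.
SAMPLE_EVENTS = [
    ("alice", "2025-04-10T01:12:00", "198.51.100.7"),
    ("old-staff", "2024-06-02T02:00:00", "198.51.100.9"),
    ("bob", "2025-01-05T03:00:00", "198.51.100.8"),
    ("alice", "2025-04-17T01:30:00", "198.51.100.7"),
    ("old-staff", "2025-04-17T19:21:00", "203.0.113.50"),
]

def _parsed(events):
    """Return events as (account, datetime, ip), oldest first."""
    rows = [(a, datetime.fromisoformat(t), ip) for a, t, ip in events]
    return sorted(rows, key=lambda r: r[1])

def login_alerts(events, dormant_after=DORMANT_AFTER):
    """Flag logins that end a long dormancy or come from an unseen IP."""
    last_login, known_ips, alerts = {}, {}, []
    for account, when, ip in _parsed(events):
        reasons = []
        if account in last_login:
            gap = when - last_login[account]
            if gap >= dormant_after:
                reasons.append(f"dormant {gap.days}d")
            if ip not in known_ips[account]:
                reasons.append("new source IP")
        if reasons:
            alerts.append((account, when.isoformat(), reasons))
        last_login[account] = when
        known_ips.setdefault(account, set()).add(ip)
    return alerts

def stale_accounts(events, now, dormant_after=DORMANT_AFTER):
    """Accounts with no login inside the window as of `now`: disable candidates."""
    last_login = {}
    for account, when, _ in _parsed(events):
        if when <= now:
            last_login[account] = when
    return sorted(a for a, t in last_login.items() if now - t >= dormant_after)

if __name__ == "__main__":
    for alert in login_alerts(SAMPLE_EVENTS):
        print(alert)
    print(stale_accounts(SAMPLE_EVENTS, datetime(2025, 4, 16)))
```

Run as a periodic review, `stale_accounts` lists the accounts to disable before anyone can reuse them; `login_alerts` is the monitoring side that fires if one logs in anyway.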