Panic source code stolen

In a case of extraordinarily bad luck, even for a guy that has a lot of bad computer luck, I happened to download HandBrake in that three day window, and my work Mac got pwned.

Long story short, somebody, somewhere, now has quite a bit of source code to several of our apps.

Okay, that’s bad, but there is some good news:

  • There’s no indication any customer information was obtained by the attacker.
  • Furthermore, there’s no indication Panic Sync data was accessed.
  • Finally, our web server was not compromised.

[Via John Gruber]



  • Kriztyan

    I use two of there apps. One of the best Mac developers out there.

  • john doofus

    That really sucks. But the way Panic has handled it reinforces their reputation as one the premier Mac developers.

    1. Buy Panic apps from Mac App Store.

    2. Get Apple to allow things like Handbrake to be available on Mac App Store.

    3. If you use pirated software from dodgy sites, you deserve what’s coming to you.

  • BC2009

    I got lucky on this. I downloaded Handbrake during the same period and managed to get the version of the download that was not infected with malware (50/50 chance). I was totally “panicked” (pun intended) when I saw that news story on the Monday morning when it made the rounds. I immediately had to check for the trojan as well as the checksum of the download.

    Long story short, I was taught a lesson in not being lazy about checking checksums on downloaded DMG files. Thankfully that lesson did not involve a malware installation.

  • James Hughes

    I downloaded an update to handbrake one day before the 3 day window. I still double checked, no problems. But what are the odds? Plus, with someone like Panic, I’d be less likely to be as vigilant as I usually am. No more.

  • JimCracky

    Panic is full of great developers and software. Hope this doesn’t hurt them much.

  • I happened to download HandBrake in that three day window, and my work Mac got pwned.

    Work Mac. Nice. One reasonably hopes that the companies we trust our information with would use better judgement.

    In this case, I really hope I don’t get yet another notification from my bank that they’re replacing my debit/credit card.