Skip to main content

Hacked WordPress to reset 30,000 passwords

Popular blogging website WordPress has forced its hosts WP Engine to announce that it has fallen victim to a security breach that has forced a reset of 30,000 customer passwords.

WordPress is a very popular blogging platform and as a result has often been the target of attacks and compromises from threat actors and cybercriminals looking to infect users.

However, WP Engine did state that there was no evidence that the recent breach had led to any inappropriate use of information, but as a precaution it was taking appropriate security measures across its entire user base. What that means is that it is taking pro-active measures to secure user accounts by invalidating passwords associated with the WP Engine accounts.

"At WP Engine we are committed to providing robust security. We are writing today to let you know that we learned of an exposure involving some of our customers’ credentials," WP Engine said in a statement yesterday. "Out of an abundance of caution, we are proactively taking security measures across our entire customer base."

This breach, of course, will require you to change your password if you are one of those affected by the issue. Also, if you use the same password for other accounts – which is a poor but common practice - then you should also change the password for those services. In addition, it would be wise to monitor the activity of your email and financial accounts.

This announcement follows hot on the heels of another WordPress attack whereby the UK national newspaper, The Independent, fell victim to an attack only days ago. It should be noted that only the blog part of the website - which uses WordPress - was impacted; the rest of The Independent’s on-line presence was unaffected.

Image Credit: Shutterstock / GongTo