Η WPEngine μια από τις μεγαλύτερες εταιρείες hosting της πλατφόρμας WordPress ανακάλυψε μια διαρροή διαπιστευτηρίων των πελατών της. Η εταιρεία αποφεύγει πολύ προσεκτικά να αναφέρει την λέξη hacking in the statement it issued, but still clearly mentions the data breach.
Let's see what the announcement says:
At WPEngine we are committed to providing strong security. We are writing today to let you know that we have a report that includes some of our customer credentials. We look, we are active, taking security measures across our customer base.
We have already started an investigation, but we need to take immediate action. In addition, there is not something that requires your immediate attention.
While we have no proof that the information that they leaked χρησιμοποιήθηκαν ανάρμοστα, ως προληπτικό μέτρο, είμαστε ακυρώνουμε τους πέντε ακόλουθους κωδικούς πρόσβασης που σχετίζονται με το λογαριασμό σας στην WP Engine. Αυτό σημαίνει ότι θα χρειαστεί να επαναφέρετε το καθένα από αυτούς. Οδηγίες για το πώς να επαναφέρετε τους κωδικούς αυτούς βρίσκονται στο κάτω μέρος αυτού του μηνύματος ηλεκτρονικού post officeU.
In the WPengine portal
In the WordPress database
In SFTP
In the original WP-Admin Account
In all Password Protected Installs
As a best practice, we also recommend that you use this password elsewhere with other applications to change it immediately.
We apologize for any inconvenience this may cause. We take this report as an opportunity to revise and strengthen our security and remain committed to strong internal security practices and procedures.
We take the safety of our customers very seriously. You can get more information about the event from the page http://wpengine.com/infosec