Client Passwords Exposed in the Breach
As a result of the breach, clients’ credentials were compromised. WP Engine is taking immediate measures to isolate the attack, locate the breach source and protect their customer database. However, as the research is ongoing, details about the incident are yet to be made public.
WP Engine has already started resetting passwords for all of its clients. The company hasn’t revealed which credentials have been leaked.
The WP Engine User Portal password, SFTP password, the original WP-Admin account password, the passwords for password-protected installs and transferable installs are currently being changed. Also, all clients will be asked to change these passwords next time they want to log to their accounts.
Learn How to Protect Your Passwords.
Scary Rumors Going Around the Web
According to rumors circling online, at least 30 thousand client accounts have been compromised. However, these claims are not officially confirmed by WP Engine and are most likely based on false information. Several years ago the company’s portfolio revealed that WP Engine had about 40,000 customers.
There are a few probable reasons for the attack, SQL injection and malware infestation being the most likely causes for the breach.
This is a part of the company’s official statement:
Our investigation is still actively in progress. We share your frustration that we cannot provide answers to many of your questions. However, because this is an active, on-going investigation, including federal law enforcement, we are limited in what we can share at this time.