WP Engine has suffered a major security breach it forcing to reset over 30,000 customers’ passwords. On Tuesday, the WordPress hosting outfit confessed to the hack attack. It posted recommendations on resetting passwords with updated step-by-step links on how to do it.
WP Engine is a Hosted service provider, which manages WordPress hosting for mission critical sites around the world. Set up by WordPress to better support the giant web publishing platform, it had stayed clear of any security vulnerabilities – unlike WordPress and its themes- up till now.
In an urgent security notification on its site, WP Engine announced the security breach. They said, “At WP Engine we are committed to providing robust security. We are writing today to let you know that we learned of an exposure involving some of our customers’ credentials. Out of an abundance of caution, we are proactively taking security measures across our entire customer base.”
“We have begun an investigation, however there is immediate action we are taking. Additionally, there is action that requires your immediate attention” said the WP Engine Team, referring to the resetting of passwords. “While we have no evidence that the information was used inappropriately, as a precaution, we are invalidating the following five passwords associated with your WP Engine account. This means you will need to reset each of them.”
The firm immediately reached out to its clients informing them of the attack and on how to guard their accounts. Users with an account at WP Engine should change their password and keep a watchful eye over email comings and goings, as well as, their financial transactions.
WP Engine apologized for the attack, “We apologize for any inconvenience this event may have caused. We are taking this exposure as an opportunity to review and enhance our security, and remain committed to strong internal security practices and processes.”