On Friday, one of WP Engine’s infrastructure partners, Linode, announced they had a breach in part of their account administration infrastructure. The breach meant encrypted customer passwords were vulnerable during the breach. WP Engine is a customer of Linode, but customers and clients of WP Engine were unaffected on Friday.
To be very specific, no customer data was affected as no ,inodes themselves have been compromised. We believe the exploit itself was limited to Linode’s billing database.
WP Engine has already cycled our internal administrative passwords – the impact to WP Engine’s operations and security has been nil.
Now, as a large customer of Linode, WP Engine is working closely with their leadership to understand thoroughly what happened last week. But at this time, we remain fully satisfied with the security of their infrastructure. We’re posting this to our blog as part of our commitment to our customers to be transparent and forthright.
Again, all WP Engine customer information remains secure and no WP Engine customer data was affected. If you’re a WP Engine customer, no further action is required.
Leave a Reply