This announcement is to inform you about a security incident involving the exposure of some user credentials on the dark web.
Please rest assured that this does not affect your self-hosted MainWP Dashboard installations. The exposed credentials are only related to MainWP.com accounts. We have also received no evidence that MainWP.com was directly targeted.
We want to reiterate that this incident did not involve any access to your self-hosted MainWP Dashboard installations. Your Dashboard credentials and data were not impacted.
The tl;dr: Out of extreme caution and to enhance account security after finding some user information on the dark web, all MainWP.com users will be required to reset their passwords through the lost password process.
This process invalidates any exposed old passwords and allows the creation of new, strong credentials. Additionally, two-factor authentication is being made mandatory to provide an extra layer of protection.
This does NOT mean you are affected; however, if you are or were using generic or repeated passwords across multiple sites, there is a good chance you have been caught in the MOAB breach explained below. If you have done that in the past, resetting ALL your passwords, not just MainWP.com, is a good idea.
What Happened?
As part of our ongoing security monitoring efforts, an ethical hacker on HackerOne, a cybersecurity platform that connects us with security researchers to identify vulnerabilities, alerted us that a subset of MainWP.com user logins and passwords had been found circulating on the dark web.
After a thorough internal investigation and discussions with our hosting provider, we determined that this exposure is likely related to the MOAB data breach and NOT a direct attack on MainWP.com.
About the MOAB Data Breach
The MOAB (Mother of All Breaches) was a massive data leak discovered in January 2024. It contained over 26 billion records from thousands of previous data breaches across 3,876 different domains. The 12-terabyte dataset included user data from major platforms like LinkedIn, Twitter, Weibo, Tencent, and others. While some data was from previously reported breaches, the MOAB also contained billions of new records that had not been exposed before. The sheer scale of this compilation made the MOAB one of the most significant data breaches ever discovered.
You can read more about MOAB here: https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/
What Information Was Found
The exposed information includes MainWP.com user logins and passwords.
If your username and password were exposed AND an attacker was to log in with those credentials, the information would be limited to:
- Your support tickets
- The URLs of your connected MainWP Dashboards
- Your extension installation history
We want to reiterate that this incident did not involve any breach of your self-hosted MainWP Dashboard installations.
Actions We Are Taking
To ensure no user accounts remain vulnerable because of this credential exposure, we are requiring all MainWP.com users to reset their passwords using the lost password functionality.
Your password has already been changed on our end. This will invalidate any exposed old passwords and allow you to create a new, strong password for your account.
To further strengthen account protection, we are now requiring everyone to use Two-factor authentication when accessing MainWP.com.
Actions You Should Take
While your MainWP Dashboard installations remain secure, we strongly recommend that you take the following actions immediately for your MainWP.com account as a precautionary measure:
- Go to the MainWP Password reset Page
- Change your Password to a strong, unique one
- With your new password log into your account
- From the left sidebar Click on 2FA Settings
- Follow the directions here: Enable two-factor authentication for added account security.
To further strengthen account protection, we are now requiring everyone to use Two-factor authentication when accessing MainWP.com.
If you are or were using generic or repeated passwords across multiple sites, there is a good chance you were caught in the MOAB breach explained above. If you have done that in the past, it is a good idea to reset ALL your passwords, not just MainWP.com.
Our Commitment to Security
We take the security of our products and services extremely seriously. We are continuously working to enhance our security measures and monitoring systems to protect our users’ data and prevent such incidents from occurring.
We will continue to investigate this matter thoroughly and take all necessary steps to safeguard your information.
If you have any further questions or concerns, please do not hesitate to contact our support team.
Thank you for your understanding and continued trust in MainWP.